CVE-2018-21128

Vulnerability

An authentication bypass vulnerability exists in NETGEAR WAC505 and WAC510 wireless access points running firmware versions prior to 5.0.0.17 [1]. The flaw is present in the device's authentication mechanism, allowing an attacker to bypass login procedures without valid credentials [1]. No authentication is required to trigger the vulnerability, and the code path is reachable by default on affected firmware versions [1].

Exploitation

An attacker must be on the same local network as the affected access point (adjacent network position) to exploit this vulnerability [1]. No authentication or user interaction is required [1]. The attacker can send specially crafted network requests to the vulnerable device to bypass authentication and gain administrative access [1].

Impact

Successful exploitation allows an attacker to gain complete control over the affected access point with high privileges [1]. The impact includes full compromise of confidentiality, integrity, and availability (CIA triad) since CVSS v3 indicates High impact on all three dimensions [1]. An attacker can change settings, intercept traffic, or use the device as a pivot point within the network [1].

Mitigation

NETGEAR has released firmware version 5.0.0.17 for both WAC505 and WAC510 to fix this vulnerability [1]. Users are strongly recommended to download and install the latest firmware from NETGEAR Support as soon as possible [1]. There are no known workarounds mentioned in the advisory; applying the firmware update is the only mitigation [1].