CVE-2018-21130
Description
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR WAC505 and WAC510 access points are vulnerable to pre-authentication command injection, allowing unauthenticated remote attackers to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in NETGEAR WAC505 and WAC510 wireless access points running firmware versions prior to 5.0.0.17. An unauthenticated attacker can exploit this flaw by sending specially crafted requests to the device, resulting in arbitrary command execution. The issue affects both models listed in the advisory [1].
Exploitation
An attacker must be on the same local network as the vulnerable access point (adjacent network) to exploit this vulnerability [1]. The attack requires no authentication and no user interaction. The attacker sends crafted input to a vulnerable endpoint, which is then improperly sanitized before being passed to a command interpreter, achieving command injection [1].
Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary commands on the affected device with the privileges of the underlying process. This can lead to full compromise of the access point, including disclosure of sensitive information, modification of device configuration, and potential use as a pivot point for further attacks on the network. The CVSS v3 score is 8.8 (High), with a vector of AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [1].
Mitigation
NETGEAR has released firmware version 5.0.0.17 for both WAC505 and WAC510 to fix this vulnerability [1]. Users are strongly advised to upgrade to the latest firmware as soon as possible. The advisory does not mention any workarounds for cases where the firmware update cannot be applied. The devices are actively supported, and no end-of-life status is indicated [1].
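To act on the fix version above, the following added example (not part of the advisory or any NETGEAR tooling) classifies an access-point inventory against the 5.0.0.17 threshold. The inventory row format, hostnames and status labels are assumptions made for illustration; the models and fixed version come from the description.

```python
import re

# Values taken from the advisory text: affected models and first fixed firmware.
AFFECTED_MODELS = {"WAC505", "WAC510"}
FIXED_VERSION = (5, 0, 0, 17)


def parse_version(text):
    """Turn '5.0.0.16', 'V5.0.0.16' or '5.0.0' into a comparable 4-tuple, else None."""
    match = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){0,3})", text.strip())
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def classify(model, firmware):
    """Return 'out-of-scope', 'vulnerable', 'fixed' or 'unknown' for one device."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "out-of-scope"  # model not named in this CVE
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # unparseable firmware string: needs manual review
    # Numeric tuple comparison: 5.0.0.9 sorts below 5.0.0.17, unlike string comparison.
    return "vulnerable" if version < FIXED_VERSION else "fixed"


def audit(inventory):
    """Map each hostname to its status; inventory rows are (host, model, firmware)."""
    return {host: classify(model, fw) for host, model, fw in inventory}


# Constructed sample inventory (hypothetical hostnames, models and firmware strings).
SAMPLE_INVENTORY = [
    ("ap-lobby", "WAC505", "5.0.0.16"),
    ("ap-floor2", "WAC510", "V5.0.0.17"),
    ("ap-lab", "wac510", "5.0.0.9"),
    ("ap-warehouse", "WAC505", "unknown"),
    ("ap-guest", "EXAMPLE-AP", "9.0.0.1"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as `unknown` should be checked by hand rather than assumed patched.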
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- NETGEAR/WAC505
References