CVE-2018-21131
Description
Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker on the local network can downgrade firmware on NETGEAR WAC505 and WAC510 access points, potentially enabling other attacks.
Vulnerability
An unauthenticated firmware downgrade vulnerability exists in NETGEAR WAC505 and WAC510 wireless access points running firmware versions prior to 5.0.0.17 [1]. The vulnerability allows a remote attacker to downgrade the device to an older firmware version without requiring authentication, bypassing the normal firmware upgrade verification process [1].
Exploitation
An attacker with network access to the affected device (adjacent network position) can exploit this vulnerability without authentication [1]. The attack does not require user interaction or any special privileges, and the low complexity of the attack makes it relatively easy to execute [1]. The exact sequence of steps is not disclosed in the available references, but the advisory confirms the unauthenticated nature of the downgrade [1].
Impact
Successful exploitation allows an attacker to downgrade the device to a previous firmware version that may contain known vulnerabilities [1]. This undermines the integrity of the device's firmware and can lead to further compromise: the attacker can then potentially exploit other known weaknesses present in the older firmware version, resulting in high integrity and availability impacts [1].
Mitigation
The fixed firmware version 5.0.0.17 is available for both WAC505 and WAC510 models [1]. Users are strongly advised to download and install the latest firmware from NETGEAR Support as soon as possible [1]. No workarounds are listed, and there is no indication that these devices are on the CISA KEV list.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- NETGEAR/devices description
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.