CVE-2018-21132

Vulnerability

In NETGEAR WAC505 and WAC510 wireless access points, firmware versions prior to 5.0.0.17 are affected by an authentication bypass vulnerability (PSV-2018-0299). The vulnerability exists in the web management interface, allowing an unauthenticated attacker to bypass authentication mechanisms without requiring any prior credentials or special configuration.

Exploitation

An attacker with network access to the affected device can exploit this vulnerability by sending crafted requests to the web management interface. The attack does not require any user interaction or privileges, and it can be performed over the local network (adjacent network) as indicated by the CVSS vector.

Impact

Successful exploitation allows the attacker to bypass authentication entirely, gaining full administrative control over the device. This leads to complete compromise of confidentiality, integrity, and availability (CIA), as the attacker can modify device configuration, intercept network traffic, or deny service.

Mitigation

NETGEAR released firmware version 5.0.0.17 for both WAC505 and WAC510 to address this vulnerability [1]. Users should update to the latest firmware immediately via the NETGEAR Support website. No workaround is provided if the fix cannot be applied. The vulnerability is not listed in the KEV catalog as of the publication date.