CVE-2018-21126

HIGH

NETGEAR WAC505 and WAC510 < 5.0.0.17 - Unauthenticated OS Command Injection

Title source: llm

Description

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.netgear.com/000060232/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Wireless-Access-Points-PSV-2018-0262

Scores

CVSS v3 8.8

EPSS 0.0056

EPSS Percentile 68.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

netgear/wac505_firmware < 5.0.0.17

netgear/wac510_firmware < 5.0.0.17

Published Apr 22, 2020

Tracked Since Feb 18, 2026