Just a short post (I will publish a longer one with details on Monday) – if you have the following NETGEAR access point, you should upgrade your firmware now:

  • WAC104

NETGEAR's advisory and the firmware can be found here:

Please note that NETGEAR assigned CVSS v3.1 score of 8.8 (High), which is incorrect (unless I misread the CVSS specification) - it's actually 9.8 (Critical):
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This firmware fixes also a couple of other vulnerabilities with lower CVSS scores. More details on Monday.

P.S. This vulnerability chain is dubbed Gears of Chaos (in line with my sense of humor).

Add a comment:

Nick:
URL (optional):
Math captcha: 7 ∗ 3 + 4 =