Just a short post (I will publish a longer one with details on Monday) – if you have the following NETGEAR access point, you should upgrade your firmware now:
- WAC104
NETGEAR's advisory and the firmware can be found here:
- Security Advisory for Authentication Bypass on WAC104, PSV-2021-0075
- WAC104 — Dual Band 802.11ac Wireless Access Point – Firmware and Software Downloads
Please note that NETGEAR assigned a CVSS v3.1 score of 8.8 (High), which is incorrect (unless I misread the CVSS specification) - it's actually 9.8 (Critical):
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
This firmware also fixes a couple of other vulnerabilities with lower CVSS scores. More details on Monday.
P.S. This vulnerability chain is dubbed Gears of Chaos (in line with my sense of humor).