Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

NETGEAR Patches Vulnerability in Wireless Management System

NETGEAR has released a firmware update to address a vulnerability in its WMS5316 ProSafe 16AP Wireless Management System that could result in authentication bypass and privilege escalation.

NETGEAR has released a firmware update to address a vulnerability in its WMS5316 ProSafe 16AP Wireless Management System that could result in authentication bypass and privilege escalation.

The flaw was discovered by Elliott Lewis of Reinforce Services back in April 2015, and was responsibly disclosed with the vendor, which has made a new firmware version available for download to resolve the issue.

The issue has been found to affect all WMS5316 ProSafe 16AP Wireless Management System devices that are running firmware version 2.1.4.15 (Build 1236), but there is a possibility that other firmware releases are also affected. Firmware version 2.1.5 includes a fix for the flaw.

As disclosed on the Full Disclosure mailing list, NETGEAR confirmed that it discovered the vulnerability in other products as well, but did not offer additional details on the matter.

The process of exploiting the flaw to bypass the authentication process and escalate privileges is a rather simple one, given that it only requires for an attacker to include the “&” symbol anywhere in the password value in the login request.

It appears that the system automatically accepts the provided credentials and offers access to the Graphical User Interface, although the account would appear restricted (this would be only the client side). Next, the attacker can send a request to add a new administrative user, which is then available for use.

Advertisement. Scroll to continue reading.

According to Lewis, this is not the only manner in which the aforementioned products can be exploited. An attacker can also “modify the Java code on its way down to a browser to enable all of the admin functions rather than creating a new user.”

This method of bypassing the authentication process also works, which means that cybercriminals do not necessarily need to create a new users to gain access to the affected Wireless Management System. The researcher notes that the bypass “user” gains full admin access if needed and that there are few indicators of compromise.

On its support website, NETGEAR notes that the newly released firmware version 2.1.5 offers a fix for a “security vulnerability where unauthenticated login possible and gain full admin access,” and another for a “security vulnerability where authentication can be bypassed and unauthenticated OS command can be injected.”

Owners of WMS5316 ProSafe 16AP Wireless Management System devices are advised to update them to the latest software version. Details on how to perform the update can be found on NETGEAR’s website.

 

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.