SecurityWeek

Network Security

NETGEAR Patches Vulnerability in Wireless Management System

NETGEAR has released a firmware update to address a vulnerability in its WMS5316 ProSafe 16AP Wireless Management System that could result in authentication bypass and privilege escalation.


The flaw was discovered by Elliott Lewis of Reinforce Services back in April 2015 and was responsibly disclosed to the vendor, which has made a new firmware version available for download to resolve the issue.

The issue has been found to affect all WMS5316 ProSafe 16AP Wireless Management System devices that are running firmware version 2.1.4.15 (Build 1236), but there is a possibility that other firmware releases are also affected. Firmware version 2.1.5 includes a fix for the flaw.

As disclosed on the Full Disclosure mailing list, NETGEAR confirmed that it discovered the vulnerability in other products as well, but did not offer additional details on the matter.

Exploiting the flaw to bypass authentication and escalate privileges is rather simple: it only requires an attacker to include the “&” symbol anywhere in the password value in the login request.

It appears that the system automatically accepts the provided credentials and offers access to the Graphical User Interface, although the account would appear restricted (a restriction applied only on the client side). Next, the attacker can send a request to add a new administrative user, which is then available for use.

According to Lewis, this is not the only manner in which the aforementioned products can be exploited. An attacker can also “modify the Java code on its way down to a browser to enable all of the admin functions rather than creating a new user.”

This method of bypassing the authentication process also works, which means that cybercriminals do not necessarily need to create a new user to gain access to the affected Wireless Management System. The researcher notes that the bypass “user” gains full admin access if needed and that there are few indicators of compromise.
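Because the bypass leaves few indicators, the login request itself is the most reliable thing to inspect. The following is an added detection sketch, not code from NETGEAR or the researcher: it flags login bodies whose password carries a raw or percent-encoded “&” and any add-user request that follows from the same source. The field names, paths and record format are assumptions, since the article does not give them.

```python
from urllib.parse import unquote_plus

# Assumptions (not from the article): the login form posts exactly these two
# urlencoded fields, and both paths are placeholders for the device's real ones.
LOGIN_PATH = "/login"              # hypothetical
ADD_USER_PATH = "/admin/adduser"   # hypothetical
LOGIN_FIELDS = ("username", "password")

def ampersand_reasons(body):
    """Return why a login body matches the '&'-in-password pattern ([] if clean)."""
    reasons = []
    segments = body.split("&")
    # A raw '&' in the password splits the body into more segments than fields.
    if len(segments) != len(LOGIN_FIELDS):
        reasons.append("raw-ampersand")
    for seg in segments:
        name, _, value = seg.partition("=")
        # A percent-encoded '&' (%26) only shows up once the value is decoded.
        if unquote_plus(name) == "password" and "&" in unquote_plus(value):
            reasons.append("encoded-ampersand")
    return reasons

def scan(lines):
    """Return (source, event, detail) for flagged logins and later add-user requests."""
    flagged, findings = set(), []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) != 4 or parts[1] != "POST":
            continue
        src, _, path, body = parts
        if path == LOGIN_PATH:
            reasons = ampersand_reasons(body)
            if reasons:
                flagged.add(src)
                findings.append((src, "login", ",".join(reasons)))
        elif path == ADD_USER_PATH and src in flagged:
            findings.append((src, "add-user-after-flagged-login", path))
    return findings

# Constructed sample records: "<source> <method> <path> <urlencoded body>"
SAMPLE = [
    "10.0.0.5 POST /login username=admin&password=Winter2015",
    "10.0.0.9 POST /login username=admin&password=a&b",
    "10.0.0.9 POST /admin/adduser name=svc2&role=admin",
    "10.0.0.7 POST /login username=ops&password=p%26q",
    "10.0.0.5 POST /admin/adduser name=helpdesk&role=admin",
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Run a check like this where request bodies are inspected in transit rather than by writing passwords to log storage. A hit is a lead to review against the device's administrator list, not proof of compromise.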

On its support website, NETGEAR notes that the newly released firmware version 2.1.5 offers a fix for a “security vulnerability where unauthenticated login possible and gain full admin access,” and another for a “security vulnerability where authentication can be bypassed and unauthenticated OS command can be injected.”

Owners of WMS5316 ProSafe 16AP Wireless Management System devices are advised to update them to the latest software version. Details on how to perform the update can be found on NETGEAR’s website.

 
