NETGEAR Patches Vulnerability in Wireless Management System

NETGEAR has released a firmware update to address a vulnerability in its WMS5316 ProSafe 16AP Wireless Management System that could result in authentication bypass and privilege escalation.

The flaw was discovered by Elliott Lewis of Reinforce Services back in April 2015 and was responsibly disclosed to the vendor, which has made a new firmware version available for download to resolve the issue.

The issue has been found to affect all WMS5316 ProSafe 16AP Wireless Management System devices that are running firmware version 2.1.4.15 (Build 1236), but there is a possibility that other firmware releases are also affected. Firmware version 2.1.5 includes a fix for the flaw.

As disclosed on the Full Disclosure mailing list, NETGEAR confirmed that it discovered the vulnerability in other products as well, but did not offer additional details on the matter.

Exploiting the flaw to bypass authentication and escalate privileges is rather simple: it only requires an attacker to include the “&” symbol anywhere in the password value in the login request.

It appears that the system automatically accepts the provided credentials and offers access to the Graphical User Interface, although the account appears restricted (a restriction that exists only on the client side). Next, the attacker can send a request to add a new administrative user, which is then available for use.

According to Lewis, this is not the only manner in which the aforementioned products can be exploited. An attacker can also “modify the Java code on its way down to a browser to enable all of the admin functions rather than creating a new user.”

This method of bypassing the authentication process also works, which means that cybercriminals do not necessarily need to create a new user to gain access to the affected Wireless Management System. The researcher notes that the bypass “user” gains full admin access if needed and that there are few indicators of compromise.

On its support website, NETGEAR notes that the newly released firmware version 2.1.5 offers a fix for a “security vulnerability where unauthenticated login possible and gain full admin access,” and another for a “security vulnerability where authentication can be bypassed and unauthenticated OS command can be injected.”

Owners of WMS5316 ProSafe 16AP Wireless Management System devices are advised to update them to the latest software version. Details on how to perform the update can be found on NETGEAR’s website.
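The following check is an added example, not code from NETGEAR or from the researcher: it flags controllers reporting firmware older than the fixed 2.1.5 release and lists administrative accounts that are absent from a known-good baseline, since the attack described above can leave a new admin user behind. The inventory format, host names and account names are constructed assumptions.

```python
import re

FIXED = (2, 1, 5)  # first fixed firmware release named in the article


def parse_version(text):
    """Return the dotted version as a tuple, ignoring a trailing '(Build N)'."""
    m = re.match(r"\s*[vV]?(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def _pad(version, width):
    return version + (0,) * (width - len(version))


def needs_update(version_text):
    """True if older than 2.1.5, False if 2.1.5 or later, None if unreadable."""
    v = parse_version(version_text)
    if v is None:
        return None
    width = max(len(v), len(FIXED))  # so 2.1.5 and 2.1.5.0 compare equal
    return _pad(v, width) < _pad(FIXED, width)


def unexpected_admins(current, baseline):
    """Admin accounts present now but not in the baseline (exact match)."""
    known = {name.strip() for name in baseline}
    return sorted(n for n in current if n.strip() not in known)


def triage(devices, baseline):
    findings = []
    for d in devices:
        state = needs_update(d.get("firmware"))
        if state is None:
            findings.append((d["host"], "firmware version unreadable, check manually"))
        elif state:
            findings.append((d["host"], "firmware older than 2.1.5, update"))
        extra = unexpected_admins(d.get("admins", []), baseline)
        if extra:  # reported even on patched units: accounts survive an upgrade
            findings.append((d["host"], "admin accounts not in baseline: " + ", ".join(extra)))
    return findings


# Constructed sample inventory (assumed export format, not a NETGEAR one)
DEVICES = [
    {"host": "wms-a", "firmware": "2.1.4.15 (Build 1236)", "admins": ["admin", "svc2"]},
    {"host": "wms-b", "firmware": "2.1.5", "admins": ["admin"]},
    {"host": "wms-c", "firmware": "", "admins": ["admin"]},
]
BASELINE = ["admin"]
```

Any release below 2.1.5 is flagged rather than only 2.1.4.15, because the article notes that other firmware releases may also be affected.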

 
