PT-2020-8519 · NetGear · Netgear Wc7600V1+4

Alexander Oleinik +5 · Published 2020-04-01 · Updated 2020-08-24 · CVE-2018-11106

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
NETGEAR WC7500 versions prior to 6.5.3.5
NETGEAR WC7520 versions prior to 2.5.0.46
NETGEAR WC7600v1 versions prior to 6.5.3.5
NETGEAR WC7600v2 versions prior to 6.5.3.5
NETGEAR WC9500 versions prior to 6.5.3.5
Description: The issue is a pre-authentication command injection in the request handler.php file, so exploitation does not require authentication. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.
Recommendations:
For NETGEAR WC7500, update to firmware version 6.5.3.5 or later.
For NETGEAR WC7520, update to firmware version 2.5.0.46 or later.
For NETGEAR WC7600v1, update to firmware version 6.5.3.5 or later.
For NETGEAR WC7600v2, update to firmware version 6.5.3.5 or later.
For NETGEAR WC9500, update to firmware version 6.5.3.5 or later.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-11106

Affected Products

Netgear Wc7500
Netgear Wc7520
Netgear Wc7600V1
Netgear Wc7600V2
Netgear Wc9500