CVE-2021-35973

Name of the Vulnerable Software and Affected Versions: NETGEAR WAC104 versions prior to 1.0.4.15

Description: The issue allows an unauthenticated attacker to bypass authentication by invoking any action through the /usr/sbin/mini httpd service. This is achieved by adding the &currentsetting.htm substring to the HTTP query. As a result, the attacker can change the web UI password and enable debug mode, which allows access to the device as the admin limited-user account. Due to weak permissions on the /etc/ directory, escalation to root is relatively simple.

Recommendations: For versions prior to 1.0.4.15, update to version 1.0.4.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the /usr/sbin/mini httpd service to minimize the risk of exploitation. Avoid using the &currentsetting.htm substring in HTTP queries until the issue is resolved.