Command Injection Vulnerability in NETGEAR WAC505 and WAC510 Devices
CVE-2019-20651

8.1HIGH

Key Information:

Vendor: Netgear
Status: Wac505 Firmware
Vendor: CVE Published:; 15 April 2020

What is CVE-2019-20651?

Certain NETGEAR WAC505 and WAC510 devices are susceptible to command injection when an authenticated user exploits this vulnerability. An attacker with valid credentials can execute arbitrary commands, potentially compromising the system's integrity. This affects versions of the devices prior to 8.2.1.16, necessitating immediate attention from administrators to secure their configurations and mitigate risks.

References

https://kb.netgear.com/000061491/Security-Advisory-for-Po...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Apr 15, 2020

Netgear

What is CVE-2019-20651?

References

CVSS V3.1

Timeline