Just a short post (I will publish a longer one with details on Monday) – if you have the following NETGEAR access point, you should upgrade your firmware now:

• WAC104

NETGEAR's advisory and the firmware can be found here:

• Security Advisory for Authentication Bypass on WAC104, PSV-2021-0075
• WAC104 — Dual Band 802.11ac Wireless Access Point – Firmware and Software Downloads

Please note that NETGEAR assigned CVSS v3.1 score of 8.8 (High), which is incorrect (unless I misread the CVSS specification) - it's actually 9.8 (Critical):
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

This firmware fixes also a couple of other vulnerabilities with lower CVSS scores. More details on Monday.

P.S. This vulnerability chain is dubbed Gears of Chaos (in line with my sense of humor).