A high-severity vulnerability has been identified in certain PowerStick Wave An products, allowing an authenticated attacker to execute arbitrary code remotely. Successful exploitation could lead to a complete compromise of the affected WiFi extender, enabling the attacker to intercept network traffic, attack other devices on the network, or disrupt network availability. Organizations are urged to apply the vendor-provided security patches immediately to mitigate this significant risk.

This is an authenticated remote code execution (RCE) vulnerability. An attacker who has successfully obtained valid user credentials for the device's management interface can exploit a flaw, likely within the web-based administration panel. By sending a specially crafted request to a vulnerable function, the attacker can execute arbitrary commands on the device's underlying operating system with the privileges of the web server process, leading to a full system compromise.

This vulnerability is rated as High severity with a CVSS score of 8.8. The primary business impact is the complete loss of confidentiality, integrity, and availability of the compromised network device and the traffic that passes through it. An attacker could leverage this access to pivot deeper into the corporate network, exfiltrate sensitive data, deploy ransomware, or use the device as a bot in a larger attack (DDoS). The reputational damage and financial cost associated with a network breach originating from a compromised edge device can be substantial.

Immediate Action: Apply security patches provided by PowerStick Wave An immediately, prioritizing any internet-facing systems. After patching, it is critical to monitor for any signs of exploitation and thoroughly review access logs for any unauthorized or suspicious authentication events that may have occurred prior to the patch.

Proactive Monitoring: Implement enhanced monitoring on network traffic originating from the affected devices. Look for unusual outbound connections, connections to known malicious IP addresses, or unexpected data transfers. Security teams should review device administration logs for unauthorized logins, logins from unusual geographic locations, or repeated failed login attempts which could indicate brute-forcing.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:

• Restrict access to the device's management interface to a trusted set of internal IP addresses.
• Disable remote/WAN management entirely.
• Ensure a strong, unique administrative password is in use to make the authentication prerequisite more difficult for an attacker to achieve.
• Segment the network to isolate the WiFi extender from critical assets.

Public Exploit Available: False

Given the high-severity rating and the potential for complete system compromise, we strongly recommend that organizations treat this vulnerability with extreme urgency. The primary course of action is to apply the vendor-supplied patches to all affected devices without delay. Although this CVE is not currently listed on the CISA KEV catalog, its high impact makes it a prime candidate for future inclusion if widespread exploitation occurs. If patching is delayed, the compensating controls listed above must be implemented immediately as a temporary mitigation.