CVE-2007-2040 — Hard-coded Credentials in Cisco Wireless LAN Controller Software

CWE-264 CWE-3995 documents5 sources

Severity

6.2MEDIUMNVD

EPSS

0.1%

top 74.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wireless LAN Controller Software

Timeline

PublishedApr 16

Latest updateMay 1

Description

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/wireless_lan_controller_software3.2 — 3.2.185.0+1

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-4g65-3hrc-pmpq: Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3↗2022-05-01

▶

CVEList

CVE-2007-2040: Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3↗2007-04-16

▶

💥Exploits & PoCs

Exploit-DB

OpenNewsletter 2.5 - 'Compose.php' Cross-Site Scripting↗2007-12-06

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points↗2007-04-12

▶