Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0659 — OS Command Injection in Cisco Rvs4000 Firmware

CWE-78 — OS Command Injection5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

65.6%

top 1.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Rvs4000 Firmware Cisco Wap4410n Firmware Cisco Wrvs4400n Firmware

Timeline

PublishedJan 12

Latest updateMay 17

Description

The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDcisco/rvs4000_firmware2.0.3.2+4

▶NVDcisco/wap4410n_firmware2.0.6.1+3

▶NVDcisco/wrvs4400n_firmware4 versions+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-vx5m-4g29-886g: The Cisco WAP4410N access point with firmware through 2↗2022-05-17

▶

CVEList

CVE-2014-0659: The Cisco WAP4410N access point with firmware through 2↗2014-01-12

▶

💥Exploits & PoCs

Exploit-DB

SerComm Device - Remote Code Execution (Metasploit)↗2014-01-14

▶

📋Vendor Advisories

Cisco

Undocumented Test Interface in Cisco Small Business Devices↗2014-01-11

▶