CVE-2017-3834Initialization of a Resource with an Insecure Default in Cisco Aironet Access Point Firmware

CWE-255CWE-1188Initialization of a Resource with an Insecure Default4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
6.2%
top 9.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Aironet Access Point Firmware
Timeline
PublishedApr 6
Latest updateMay 13

Description

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectiv

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-c6vq-6rwf-mq8q: A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauth2022-05-13
CVEList
CVE-2017-3834: A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauth2017-04-06

📋Vendor Advisories

1
Cisco
Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability2017-04-05
CVE-2017-3834 — Cisco vulnerability | cvebase