CVE-2021-1400

CWE-269 — Improper Privilege Management CWE-78 — OS Command Injection5 documents5 sources

Severity

8.8HIGH

EPSS

0.5%

top 33.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wap125 Firmware Cisco Wap131 Firmware Cisco Wap150 Firmware +4 more

Timeline

PublishedMay 6

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5cisco/cisco_business_wireless_access_point_softwaren/a

▶NVDcisco/wap125_firmware1.0.3.1

▶NVDcisco/wap131_firmware1.0.2.17

▶NVDcisco/wap150_firmware1.1.2.4

▶NVDcisco/wap351_firmware1.0.2.17

🔴Vulnerability Details

GHSA

GHSA-jwh8-8mm7-rv2p: Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could a↗2022-05-24

▶

CVEList

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities↗2021-05-06

▶

💥Exploits & PoCs

Nuclei

Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass

▶

📋Vendor Advisories

Cisco

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities↗2021-05-05

▶