CVE-2021-1401

CWE-269 — Improper Privilege Management CWE-78 — OS Command Injection5 documents5 sources

Severity

7.2HIGH

EPSS

1.1%

top 21.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wap125 Firmware Cisco Wap131 Firmware Cisco Wap150 Firmware +4 more

Timeline

PublishedMay 6

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5cisco/cisco_business_wireless_access_point_softwaren/a

▶NVDcisco/wap125_firmware1.0.3.1

▶NVDcisco/wap131_firmware1.0.2.17

▶NVDcisco/wap150_firmware1.1.2.4

▶NVDcisco/wap351_firmware1.0.2.17

🔴Vulnerability Details

GHSA

GHSA-pw2v-g469-9h4v: Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could a↗2022-05-24

▶

CVEList

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities↗2021-05-06

▶

📋Vendor Advisories

Cisco

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities↗2021-05-05

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Vulnerabilities in Moxa MXView could allow attacker to view sensitive information, bypass login↗2022-02-11

▶