CVE-2021-1554

CWE-77 — Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

0.7%

top 28.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Wap125 Firmware Cisco Wap131 Firmware Cisco Wap150 Firmware +4 more

Timeline

PublishedMay 22

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages7 packages

▶CVEListV5cisco/cisco_business_wireless_access_point_softwaren/a

▶NVDcisco/wap125_firmware1.0.3.1

▶NVDcisco/wap131_firmware1.0.2.17

▶NVDcisco/wap150_firmware1.1.2.4

▶NVDcisco/wap351_firmware1.0.2.17

🔴Vulnerability Details

GHSA

GHSA-q5f8-x86w-62vc: Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could a↗2022-05-24

▶

CVEList

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities↗2021-05-22

▶

📋Vendor Advisories

Cisco

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities↗2021-05-19

▶