Cisco Aironet Access Point Software vulnerabilities

CVE-2025-20364 [MEDIUM] CWE-346 CVE-2025-20364: A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames with arbitrary information. This vulnerability is due to insufficient verification checks of incoming 802.11 action frames. An attacker could exploit thi

CVE-2025-20365 [MEDIUM] CWE-940 CVE-2025-20365: A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Softwa A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected device. This vulnerability is due to a logic error in the processing of IPv6 RA packets that are received from wireless clients. An attacker could exploit t

CVE-2024-20418 [CRITICAL] CWE-77 CVE-2024-20418: A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper valida

CVE-2024-20354 [HIGH] CWE-460 CVE-2024-20354: A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Soft A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit th

CVE-2024-20271 [HIGH] CWE-20 CVE-2024-20271: A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unaut A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 pac

CVE-2024-20265 [MEDIUM] CWE-501 CVE-2024-20265: A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticat A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical cons

CVE-2023-20176 [HIGH] CWE-400 CVE-2023-20176: A vulnerability in the networking component of Cisco access point (AP) software could allow an unaut A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a hi

CVE-2023-20268 [MEDIUM] CWE-400 CVE-2023-20268: A vulnerability in the packet processing functionality of Cisco access point (AP) software could all A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a s

CVE-2023-20097 [MEDIUM] CWE-77 CVE-2023-20097: A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller

CVE-2023-20056 [MEDIUM] CWE-78 CVE-2023-20056: A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticat A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a devi

CVE-2023-20112 [MEDIUM] CWE-126 CVE-2023-20112: A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacke A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 associatio

CVE-2022-20728 [MEDIUM] CWE-284 CVE-2022-20728: A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an u A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they

CVE-2022-20945 [MEDIUM] CWE-120 CVE-2022-20945: A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Poin A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received

CVE-2022-20622 [HIGH] CWE-770 CVE-2022-20622: A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catal A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usa

CVE-2021-34740 [HIGH] CWE-401 CVE-2021-34740: A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected

CVE-2021-1437 [HIGH] CWE-275 CVE-2021-1437: A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software co A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sen

CVE-2021-1439 [HIGH] CWE-120 CVE-2021-1439: A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points So A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability

CVE-2021-1423 [MEDIUM] CWE-668 CVE-2021-1423: A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could all A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted a

CVE-2021-1449 [MEDIUM] CWE-284 CVE-2021-1449: A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, loca A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that i

CVE-2020-3560 [HIGH] CWE-400 CVE-2020-3560: A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific po