CVE-2021-1554

CVE Database · CVE-2021-1554

CVE-2021-1554

· MEDIUMModified

CVSS v3.1

4.7

EPSS

1.58%

Published

May 22, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-77

Affected Products (12)

cisco · wap125_firmwarevulnerable

cisco · wap125

cisco · wap131_firmwarevulnerable

cisco · wap131

cisco · wap150_firmwarevulnerable

cisco · wap150

cisco · wap351_firmwarevulnerable

cisco · wap351

cisco · wap361_firmwarevulnerable

cisco · wap361

cisco · wap581_firmwarevulnerable

cisco · wap581

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs