CVE-2024-20336

CVE Database · CVE-2024-20336

CVE-2024-20336

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

0.79%

Published

Mar 6, 2024

Modified

Aug 5, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-121

Affected Products (24)

cisco · wap121_firmwarevulnerable

cisco · wap121

cisco · wap125_firmwarevulnerable

cisco · wap125

cisco · wap131_firmwarevulnerable

cisco · wap131

cisco · wap150_firmwarevulnerable

cisco · wap150

cisco · wap320_firmwarevulnerable

cisco · wap320

cisco · wap321_firmwarevulnerable

cisco · wap321

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs