A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
26 Jan 2024, 18:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
CPE | cpe:2.3:o:cisco:wap371_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap371:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO - Vendor Advisory |
17 Jan 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-17 17:15
Updated : 2024-02-02 16:15
NVD link : CVE-2024-20287
Mitre link : CVE-2024-20287
CVE.ORG link : CVE-2024-20287
JSON object : View
Products Affected
cisco
- wap371
- wap371_firmware