CVE-2011-4005

Published: Nov 3, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.

Affected (12)

Products: Cisco: Small Business Srp521w, Small Business Srp526w, Small Business Srp527w, Small Business Srp520 Series Firmware, Small Business Srp541w, Small Business Srp546w, Small Business Srp547w, Small Business Srp540 Series Firmware

Cisco

8 products

Small Business Srp521w

Small Business Srp526w

Small Business Srp527w

Small Business Srp520 Series Firmware

Small Business Srp541w

Small Business Srp546w

Small Business Srp547w

Small Business Srp540 Series Firmware

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Cisco Small Business Srp521w	All versions
Cisco Small Business Srp526w	All versions
Cisco Small Business Srp527w	All versions
Cisco Small Business Srp520 Series Firmware	Up to 1.01.23
Cisco Small Business Srp520 Series Firmware	Version 1.00.06
Cisco Small Business Srp520 Series Firmware	Version 1.01.01
Cisco Small Business Srp520 Series Firmware	Version 1.01.19_mr3

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Cisco Small Business Srp541w	All versions
Cisco Small Business Srp546w	All versions
Cisco Small Business Srp547w	All versions
Cisco Small Business Srp540 Series Firmware	Up to 1.02.01_mr2
Cisco Small Business Srp540 Series Firmware	Version 1.02.00