← Back

CVE-2014-7994

nvd nist
Published: Dec 24, 2014Modified: May 6, 2026

JSON object

Loading...
5.4
Vector
AV:A/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 5.5 / Impact: 6.4
Source: NVD

Description

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.

Affected (6)

Cisco
6 products
Meraki Mr Firmware
Meraki Mr
Meraki Mx Firmware
Meraki Mx
Meraki Ms Firmware
Meraki Ms
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Meraki Mr Firmware
Up to 2014-09-24
Meraki Mr
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Meraki Mx Firmware
Up to 2014-09-24
Meraki Mx
All versions
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Meraki Ms Firmware
Up to 2014-09-24
Meraki Ms
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.