← Back

CVE-2021-1553

nvd nist
Published: May 22, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.

Affected (6)

Cisco
6 products
Wap125 Firmware
Wap131 Firmware
Wap150 Firmware
Wap351 Firmware
Wap361 Firmware
Wap581 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap125 Firmware
Up to 1.0.3.1
Running on/withPlatform Versions
Cisco
Wap125
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap131 Firmware
Up to 1.0.2.17
Running on/withPlatform Versions
Cisco
Wap131
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap150 Firmware
Up to 1.1.2.4
Running on/withPlatform Versions
Cisco
Wap150
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap351 Firmware
Up to 1.0.2.17
Running on/withPlatform Versions
Cisco
Wap351
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap361 Firmware
Up to 1.1.2.4
Running on/withPlatform Versions
Cisco
Wap361
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap581 Firmware
Up to 1.0.3.1
Running on/withPlatform Versions
Cisco
Wap581
All versions

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.