← Back

CVE-2024-20336

nvd nist
Published: Mar 6, 2024Modified: Aug 5, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.2 / Impact: 5.2
Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.

Affected (12)

Cisco
12 products
Wap121 Firmware
Wap125 Firmware
Wap131 Firmware
Wap150 Firmware
Wap320 Firmware
Wap321 Firmware
Wap351 Firmware
Wap361 Firmware
Wap571 Firmware
Wap371 Firmware
Wap571e Firmware
Wap581 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap121 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap121
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap125 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap125
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap131 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap131
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap150 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap150
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap320 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap320
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap321 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap321
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap351 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap351
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap361 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap361
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap571 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap571
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap371 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap371
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap571e Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap571e
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wap581 Firmware
All versions
Running on/withPlatform Versions
Cisco
Wap581
All versions

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.