A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
CVSS
No CVSS.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
History
05 Aug 2025, 14:38
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Cisco wap150 Firmware
Cisco wap125 Firmware Cisco wap571 Firmware Cisco wap320 Cisco wap581 Cisco wap351 Firmware Cisco wap581 Firmware Cisco wap351 Cisco wap321 Cisco wap361 Cisco wap131 Cisco wap371 Cisco Cisco wap571e Cisco wap361 Firmware Cisco wap121 Firmware Cisco wap121 Cisco wap371 Firmware Cisco wap321 Firmware Cisco wap131 Firmware Cisco wap571e Firmware Cisco wap320 Firmware Cisco wap150 Cisco wap125 Cisco wap571 |
|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB - Vendor Advisory | |
| CPE | cpe:2.3:h:cisco:wap320:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap571:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap125:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap581:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap321:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap131_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap125_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap361_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap361:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap121:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap351_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap371_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap371:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap571e:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap321_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap121_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap571_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap150_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap581_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap320_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:wap571e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:* |
06 Mar 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-03-06 17:15
Updated : 2025-08-05 14:38
NVD link : CVE-2024-20335
Mitre link : CVE-2024-20335
JSON object : View
Products Affected
cisco
- wap571e_firmware
- wap150
- wap320_firmware
- wap125
- wap571
- wap571_firmware
- wap571e
- wap361_firmware
- wap581_firmware
- wap321
- wap351
- wap125_firmware
- wap131
- wap351_firmware
- wap150_firmware
- wap361
- wap581
- wap121
- wap371
- wap121_firmware
- wap320
- wap371_firmware
- wap131_firmware
- wap321_firmware
CWE
No CWE.