CVE-2014-0659

The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.

Data provided by the National Vulnerability Database (NVD)
Cisco Rvs4000 Firmware Version <= 2.0.3.2
Cisco Rvs4000 Firmware Version 1.3.2.0
Cisco Rvs4000 Firmware Version 1.3.3.5
Cisco Rvs4000 Firmware Version 2.0.0.3
Cisco Rvs4000 Firmware Version 2.0.2.7
Cisco Rvs4000 Version -
Cisco Wrvs4400n Firmware Version 1.1.03
Cisco Wrvs4400n Firmware Version 1.1.13
Cisco Wrvs4400n Firmware Version 2.0.1.3
Cisco Wrvs4400n Firmware Version 2.0.2.1
Cisco Wrvs4400n Version -
Cisco Wap4410n Firmware Version <= 2.0.6.1
Cisco Wap4410n Firmware Version 2.0.2.1
Cisco Wap4410n Firmware Version 2.0.3.3
Cisco Wap4410n Firmware Version 2.0.4.2
Cisco Wap4410n Version -
No CISA KEV or CERT.AT warning was found for this CVE.
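EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 64.48% | 0.983 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
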
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.