10
CVE-2014-0659
- EPSS 64.48%
- Published 12.01.2014 18:34:55
- Last modified 11.04.2025 00:51:21
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Rvs4000 Firmware Version <= 2.0.3.2
Cisco ≫ Rvs4000 Firmware Version1.3.2.0
Cisco ≫ Rvs4000 Firmware Version1.3.3.5
Cisco ≫ Rvs4000 Firmware Version2.0.0.3
Cisco ≫ Rvs4000 Firmware Version2.0.2.7
Cisco ≫ Wrvs4400n Firmware Version1.1.03
Cisco ≫ Wrvs4400n Firmware Version1.1.13
Cisco ≫ Wrvs4400n Firmware Version2.0.1.3
Cisco ≫ Wrvs4400n Firmware Version2.0.2.1
Cisco ≫ Wap4410n Firmware Version <= 2.0.6.1
Cisco ≫ Wap4410n Firmware Version2.0.2.1
Cisco ≫ Wap4410n Firmware Version2.0.3.3
Cisco ≫ Wap4410n Firmware Version2.0.4.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 64.48% | 0.983 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.