cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-20271,https://securityvulnerability.io/vulnerability/CVE-2024-20271,Cisco Access Point Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the IP packet processing of Cisco Access Point Software allows an unauthenticated, remote attacker to exploit specific weaknesses in input validation of IPv4 packets. By sending specially crafted IPv4 packets to or through an affected device, an attacker can induce an unexpected reload of the device, resulting in a denial of service (DoS) condition. Importantly, exploitation does not require the attacker to be associated with the access point, making this a significant risk to network availability. This issue does not affect IPv6 packet processing.",Cisco,"Cisco Aironet Access Point Software,Cisco Business Wireless Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller)",8.6,HIGH,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:05:27.473Z,0
CVE-2024-20265,https://securityvulnerability.io/vulnerability/CVE-2024-20265,Unauthenticated Attacker Could Bypass Cisco Secure Boot Validation and Load Tampered Image on Affected Device,"A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device.
A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.",Cisco,"Cisco iOS Xe Software,Cisco Aironet Access Point Software,Cisco Business Wireless Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller)",5.9,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-27T17:03:54.505Z,0
CVE-2024-20336,https://securityvulnerability.io/vulnerability/CVE-2024-20336,Cisco Small Business Switches Vulnerability: Arbitrary Code Execution via Web Interface,"A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.",Cisco,Cisco Business Wireless Access Point Software,6.5,MEDIUM,0.0006099999882280827,false,false,false,true,,false,false,2024-03-06T16:31:10.729Z,0
CVE-2024-20335,https://securityvulnerability.io/vulnerability/CVE-2024-20335,Cisco Small Business Wireless Access Points Vulnerability,"A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input.
An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.",Cisco,Cisco Business Wireless Access Point Software,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-06T16:30:39.235Z,0
CVE-2024-20287,https://securityvulnerability.io/vulnerability/CVE-2024-20287,Command Injection Vulnerability in Cisco WAP371 Wireless Access Point,"A security vulnerability exists in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point that could allow an authenticated remote attacker to perform command injection attacks. This issue arises from inadequate validation of user-supplied input, enabling a potential attacker with administrative credentials to craft and send malicious HTTP requests. If successfully exploited, this vulnerability grants the attacker the ability to execute arbitrary commands with root privileges, ultimately compromising the device's security and functionality. Safeguarding the management interface and ensuring secure administrative practices are crucial to mitigating this risk.",Cisco,Cisco Business Wireless Access Point Software,7.2,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2024-01-17T16:58:01.192Z,0
CVE-2023-20268,https://securityvulnerability.io/vulnerability/CVE-2023-20268,Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability,"A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device.
A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.",Cisco,"Cisco Aironet Access Point Software,Cisco Aironet Access Point Software (iOS Xe Controller),Cisco Business Wireless Access Point Software",4.7,MEDIUM,0.0004400000034365803,false,false,false,true,,false,false,2023-09-27T18:15:00.000Z,0
CVE-2023-20003,https://securityvulnerability.io/vulnerability/CVE-2023-20003,Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability,"A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0008200000156648457,false,false,false,true,,false,false,2023-05-18T03:15:00.000Z,0
CVE-2021-1553,https://securityvulnerability.io/vulnerability/CVE-2021-1553,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system.
A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1555,https://securityvulnerability.io/vulnerability/CVE-2021-1555,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1554,https://securityvulnerability.io/vulnerability/CVE-2021-1554,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input.
An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1547,https://securityvulnerability.io/vulnerability/CVE-2021-1547,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1548,https://securityvulnerability.io/vulnerability/CVE-2021-1548,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1549,https://securityvulnerability.io/vulnerability/CVE-2021-1549,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device.
To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1550,https://securityvulnerability.io/vulnerability/CVE-2021-1550,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1551,https://securityvulnerability.io/vulnerability/CVE-2021-1551,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system.
A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1552,https://securityvulnerability.io/vulnerability/CVE-2021-1552,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.",Cisco,Cisco Business Wireless Access Point Software,4.7,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2021-05-22T07:15:00.000Z,0
CVE-2021-1400,https://securityvulnerability.io/vulnerability/CVE-2021-1400,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device.
For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Business Wireless Access Point Software,8.8,HIGH,0.0014799999771639705,false,false,false,true,,false,false,2021-05-06T13:15:00.000Z,0
CVE-2021-1401,https://securityvulnerability.io/vulnerability/CVE-2021-1401,"Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities","Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Business Wireless Access Point Software,8.8,HIGH,0.001560000004246831,false,false,false,true,,false,false,2021-05-06T13:15:00.000Z,0