The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500 | Patch Vendor Advisory |
http://www.securitytracker.com/id?1026736 |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2012-02-24 20:21
Updated : 2018-01-03 18:29
NVD link : CVE-2012-0363
Mitre link : CVE-2012-0363
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
cisco
- small_business_srp521w-u
- small_business_srp527w
- small_business_srp527w-u
- small_business_srp526w
- small_business_srp520-u_series_firmware
- small_business_srp547w
- small_business_srp546w
- small_business_srp521w
- small_business_srp541w
- small_business_srp540_series_firmware
- small_business_srp520_series_firmware
- small_business_srp526w-u