Unrated severityNVD Advisory· Published Aug 15, 2018· Updated Nov 26, 2024

CVE-2018-0415

Description

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper EAPOL frame processing in Cisco Small Business 100/300 Series WAPs lets authenticated adjacent attackers cause a denial of service by forcing station disassociation.

Vulnerability

The vulnerability resides in the Extensible Authentication Protocol over LAN (EAPOL) functionality of Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points. It is caused by improper processing of certain EAPOL frames. Affected models include all devices running vulnerable firmware versions; for exact software releases, refer to Cisco bug ID CSCvj97472 [1].

Exploitation

An attacker must be an authenticated, adjacent client with network access to the target access point. The exploit involves sending a stream of crafted EAPOL frames to the affected device [1]. No user interaction on the victim side is required beyond the attacker's proximity and authentication [1].

Impact

Successful exploitation forces the access point to disassociate all connected stations (STAs) and reject new association requests, resulting in a complete denial of service for wireless clients [1]. The attack does not provide code execution or data disclosure; the impact is limited to availability.

Mitigation

Cisco has not released a fix as of the advisory date (2018-08-15) [1]. No workarounds are available [1]. Affected users should monitor Cisco's advisory page for future software updates and plan to upgrade when fixed releases become available [1].

References

Cisco Security Advisory: Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Small Business 100 Series Wireless Access Pointsllm-create
Cisco Systems, Inc./Small Business Wireless Access Ppointscpe-rescue2 versions
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-csb-wap-dosmitrevendor-advisoryx_refsource_CISCO
www.securityfocus.com/bid/105116mitrevdb-entryx_refsource_BID

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000