Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities
Description
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vulnerability in the web interface of Cisco Small Business WAP series access points allows authenticated attackers without administrative rights to obtain sensitive information and impersonate other users, leading to full compromise.
Vulnerability
The vulnerability exists in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points. It is due to insufficient input validation. An authenticated, remote attacker without administrative privileges can exploit this flaw to obtain sensitive information. Affected products include WAP125 (1.0.3.1 and earlier), WAP131 (1.0.2.17 and earlier), WAP150 (1.1.2.4 and earlier), WAP351 (1.0.2.17 and earlier), WAP361 (1.1.2.4 and earlier), and WAP581 (1.0.3.1 and earlier). Note that WAP131 and WAP351 are end-of-life (EOL) [1][2].
Exploitation
An attacker needs only valid credentials for the device (no administrative privileges required) and network access to the management interface. The attacker sends a crafted HTTP request to the web-based management interface [1]. No user interaction is required.
Impact
Successful exploitation allows the attacker to impersonate another user, including an administrative user, on the device [1]. This can lead to full compromise of confidentiality, integrity, and availability (CVSS base score 8.8) [1][2].
Mitigation
Cisco has released software updates to address this vulnerability. There are no workarounds [1]. For EOL models (WAP131 and WAP351), no fix is available and upgrading to supported hardware is recommended [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: n/a
References
- jvn.jp/en/jp/JVN71263107/index.html (mitre, third-party-advisory, x_refsource_JVN)
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF (mitre, vendor-advisory, x_refsource_CISCO)