VYPR
Unrated severity · NVD Advisory · Published May 6, 2021 · Updated Nov 8, 2024

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities

CVE-2021-1401

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A command injection flaw in Cisco Small Business WAP series access points allows an authenticated administrator to execute arbitrary commands via a crafted HTTP request.

Vulnerability

The web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points is vulnerable to command injection (CWE-78). Affected models include WAP125 (1.0.3.1 and earlier), WAP131 (1.0.2.17 and earlier), WAP150 (1.1.2.4 and earlier), WAP351 (1.0.2.17 and earlier), WAP361 (1.1.2.4 and earlier), and WAP581 (1.0.3.1 and earlier) [1][2]. The vulnerability is due to improper validation of user-supplied input [1].

Exploitation

An attacker must have valid administrative credentials for the device. By sending a crafted HTTP request to the web-based management interface, the attacker can exploit the improper input validation to inject arbitrary commands [1]. No user interaction is required, and the attack can be carried out remotely over the network [1][2].

Impact

Successful exploitation allows the attacker to execute arbitrary commands with administrative privileges on the affected device [1]. The CVSS base score is 5.5 (High confidentiality impact, Low integrity impact, no availability impact) [2]. The attacker can fully compromise the confidentiality of the device and partially alter its configuration or data.

Mitigation

Cisco has released software updates addressing this vulnerability; users should upgrade to the latest firmware for their respective models [1]. There are no workarounds that mitigate the vulnerability [1]. Note that WAP131 and WAP351 are End-of-Life (EOL) and no longer supported, so upgrading may not be possible for those models [2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

2
