Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
Description
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated command injection in Cisco WAP125, WAP150, WAP361, WAP581 and EOL WAP121, WAP131, WAP321, WAP351 web interfaces allows root-level arbitrary command execution via crafted HTTP requests.
Vulnerability
Multiple authenticated command injection vulnerabilities exist in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points. The specific affected models are Cisco WAP125 (fixed in 1.0.4.3), WAP150 (fixed in 1.1.3.2), WAP361 (fixed in 1.1.3.2), and WAP581 (fixed in 1.0.4.4). Additionally, the end-of-life (EOL) models WAP121, WAP131, WAP321, and WAP351 are affected but will not receive a fix [1]. The vulnerabilities arise from improper validation of user-supplied input sent to the web-based management interface [1].
Exploitation
An attacker must already possess valid administrative credentials for the target device. With those credentials, the attacker can send crafted HTTP requests to the web-based management interface. The improper input validation allows the attacker to inject arbitrary operating system commands within the request [1]. No user interaction beyond the initial authentication is required on the part of the device’s legitimate administrator.
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system with root privileges. This provides full control over the affected access point, including the ability to modify configuration, exfiltrate data, disrupt network connectivity, or use the device as a pivot point for further attacks [1].
Mitigation
Cisco has released firmware updates for supported models: WAP125 to version 1.0.4.3, WAP150 and WAP361 to version 1.1.3.2, and WAP581 to version 1.0.4.4 [1]. The EOL models WAP121, WAP131, WAP321, and WAP351 will not receive fixes; Cisco recommends replacing them with a supported product as outlined in the Cisco Security Advisory [1]. There is no known workaround for the vulnerabilities. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of May 2025.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cisco/Cisco Business Wireless Access Point Softwarev5Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdGmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.