Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
Description
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated remote command injection flaw in Cisco Small Business 100, 300, and 500 series WAPs allows root-level code execution via crafted HTTP requests.
Vulnerability
Multiple command injection vulnerabilities exist in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless Access Points (models in the WAP125, WAP150, WAP361, WAP581, WAP121, WAP131, WAP321, and WAP351 families). The flaws arise from improper validation of user-supplied input. Affected firmware versions were those prior to the fixed releases: 1.0.4.3 for WAP125, 1.1.3.2 for WAP150 and WAP361, and 1.0.4.4 for WAP581. WAP121, WAP131, WAP321, and WAP351 are end-of-life and will not receive fixes [1].
Exploitation
An attacker must first obtain valid administrative credentials for the device. With those credentials, the attacker sends crafted HTTP requests to the web-based management interface of the affected access point. The forged requests inject operating system commands into fields that are not properly sanitized, leading to command execution [1].
Impact
Successful exploitation allows the attacker to execute arbitrary commands with root privileges on the device. This gives the attacker full control over the wireless access point, enabling activities such as modifying configuration, intercepting network traffic, or pivoting to other internal resources [1].
Mitigation
Cisco released fixed firmware versions: 1.0.4.3 for WAP125, 1.1.3.2 for WAP150 and WAP361, and 1.0.4.4 for WAP581. For the end-of-life WAP121, WAP131, WAP321, and WAP351 devices, no firmware updates are available; customers are advised to migrate to supported products as detailed in the associated end-of-life notices. No workaround is documented. There is no indication that this CVE is listed in the CISA Known Exploited Vulnerabilities catalog as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cisco/Cisco Business Wireless Access Point Softwarev5Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdGmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.