Search criteria
4 vulnerabilities found for wap581 by cisco
VAR-202105-0510
Vulnerability from variot - Updated: 2023-12-18 11:40Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco Small Business is a switch of the US Cisco (Cisco) company.
Cisco Small Business has an input validation error vulnerability, which is caused by a validation error provided to the user. Attackers can use this vulnerability to execute command injections for attacks on affected devices. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0510",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wap351",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.17"
},
{
"model": "wap131",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.17"
},
{
"model": "wap150",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.4"
},
{
"model": "wap361",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.4"
},
{
"model": "wap581",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.1"
},
{
"model": "wap125",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.1"
},
{
"model": "cisco wap581",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap131",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap361",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap125",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap150",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap351",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "100"
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "300"
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"db": "NVD",
"id": "CVE-2021-1555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap125_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap131_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap351_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap361_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap361:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap581_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap581:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1555"
}
]
},
"cve": "CVE-2021-1555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-1555",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.4,
"id": "CNVD-2021-37125",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1555",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-1555",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-1555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-37125",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1344",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"db": "NVD",
"id": "CVE-2021-1555"
},
{
"db": "NVD",
"id": "CVE-2021-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1344"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco Small Business is a switch of the US Cisco (Cisco) company. \n\r\n\r\nCisco Small Business has an input validation error vulnerability, which is caused by a validation error provided to the user. Attackers can use this vulnerability to execute command injections for attacks on affected devices. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-1555"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1555",
"trust": 3.9
},
{
"db": "AUSCERT",
"id": "ESB-2021.1777.2",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007203",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-37125",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1777.3",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1344",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-1555",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"db": "VULMON",
"id": "CVE-2021-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"db": "NVD",
"id": "CVE-2021-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1344"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202105-0510",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37125"
}
],
"trust": 1.2111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37125"
}
]
},
"last_update_date": "2023-12-18T11:40:49.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-wap-inject-Mp9FSdG",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-wap-inject-mp9fsdg"
},
{
"title": "Patch for Cisco Small Business Input Validation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/267801"
},
{
"title": "Cisco Small Business Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152229"
},
{
"title": "Cisco: Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sb-wap-inject-mp9fsdg"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"db": "VULMON",
"id": "CVE-2021-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"db": "NVD",
"id": "CVE-2021-1555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-wap-inject-mp9fsdg"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1777.2"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1555"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052109"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1777.3"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"db": "VULMON",
"id": "CVE-2021-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"db": "NVD",
"id": "CVE-2021-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1344"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"db": "VULMON",
"id": "CVE-2021-1555"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"db": "NVD",
"id": "CVE-2021-1555"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1344"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1555"
},
{
"date": "2022-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"date": "2021-05-22T07:15:07.787000",
"db": "NVD",
"id": "CVE-2021-1555"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1344"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37125"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1555"
},
{
"date": "2022-02-04T01:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-007203"
},
{
"date": "2023-11-07T03:28:37.110000",
"db": "NVD",
"id": "CVE-2021-1555"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1344"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1344"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Small\u00a0Business\u00a0Series\u00a0Wireless\u00a0Access\u00a0Points\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007203"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1344"
}
],
"trust": 0.6
}
}
VAR-202105-0508
Vulnerability from variot - Updated: 2023-12-18 11:28Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco Small Business is a switch of the US Cisco (Cisco) company.
Cisco Small Business has an input validation error vulnerability, which is caused by a validation error provided to the user. Attackers can use this vulnerability to execute command injections for attacks on affected devices. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wap351",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.17"
},
{
"model": "wap131",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.17"
},
{
"model": "wap150",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.4"
},
{
"model": "wap361",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.4"
},
{
"model": "wap581",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.1"
},
{
"model": "wap125",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.1"
},
{
"model": "cisco wap581",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap131",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap361",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap125",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap150",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap351",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "100"
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "300"
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"db": "NVD",
"id": "CVE-2021-1553"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap125_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap131_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap351_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap361_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap361:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap581_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap581:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1553"
}
]
},
"cve": "CVE-2021-1553",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-1553",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.4,
"id": "CNVD-2021-37127",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1553",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-1553",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-1553",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-37127",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1342",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"db": "NVD",
"id": "CVE-2021-1553"
},
{
"db": "NVD",
"id": "CVE-2021-1553"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1342"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco Small Business is a switch of the US Cisco (Cisco) company. \n\r\n\r\nCisco Small Business has an input validation error vulnerability, which is caused by a validation error provided to the user. Attackers can use this vulnerability to execute command injections for attacks on affected devices. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-1553"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1553",
"trust": 3.9
},
{
"db": "AUSCERT",
"id": "ESB-2021.1777.2",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007205",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-37127",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1777.3",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1342",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-1553",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"db": "VULMON",
"id": "CVE-2021-1553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"db": "NVD",
"id": "CVE-2021-1553"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1342"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202105-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37127"
}
],
"trust": 1.2111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37127"
}
]
},
"last_update_date": "2023-12-18T11:28:29.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-wap-inject-Mp9FSdG",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-wap-inject-mp9fsdg"
},
{
"title": "Patch for Cisco Small Business input validation error vulnerability (CNVD-2021-37127)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/267811"
},
{
"title": "Cisco Small Business Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152227"
},
{
"title": "Cisco: Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sb-wap-inject-mp9fsdg"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"db": "VULMON",
"id": "CVE-2021-1553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1342"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"db": "NVD",
"id": "CVE-2021-1553"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-wap-inject-mp9fsdg"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1777.2"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1553"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052109"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1777.3"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"db": "VULMON",
"id": "CVE-2021-1553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"db": "NVD",
"id": "CVE-2021-1553"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1342"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"db": "VULMON",
"id": "CVE-2021-1553"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"db": "NVD",
"id": "CVE-2021-1553"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1342"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1553"
},
{
"date": "2022-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"date": "2021-05-22T07:15:07.700000",
"db": "NVD",
"id": "CVE-2021-1553"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1342"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37127"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1553"
},
{
"date": "2022-02-04T02:26:00",
"db": "JVNDB",
"id": "JVNDB-2021-007205"
},
{
"date": "2023-11-07T03:28:36.743000",
"db": "NVD",
"id": "CVE-2021-1553"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1342"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1342"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Small\u00a0Business\u00a0Series\u00a0Wireless\u00a0Access\u00a0Points\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007205"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1342"
}
],
"trust": 0.6
}
}
VAR-202105-0507
Vulnerability from variot - Updated: 2023-12-18 11:23Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco Small Business is a switch of the US Cisco (Cisco) company.
The Cisco Small Business product has an input verification error vulnerability, which is caused by a verification error provided to the user. Attackers can use this vulnerability to execute command injections for attacks on affected devices. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wap351",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.17"
},
{
"model": "wap131",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.17"
},
{
"model": "wap150",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.4"
},
{
"model": "wap361",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.4"
},
{
"model": "wap581",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.1"
},
{
"model": "wap125",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.1"
},
{
"model": "cisco wap581",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap131",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap361",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap125",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap150",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap351",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "100"
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "300"
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"db": "NVD",
"id": "CVE-2021-1552"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap125_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap131_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap351_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap361_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap361:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap581_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap581:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1552"
}
]
},
"cve": "CVE-2021-1552",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-1552",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.4,
"id": "CNVD-2021-37126",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1552",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-1552",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-1552",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-37126",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1341",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"db": "NVD",
"id": "CVE-2021-1552"
},
{
"db": "NVD",
"id": "CVE-2021-1552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1341"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco Small Business is a switch of the US Cisco (Cisco) company. \n\r\n\r\nThe Cisco Small Business product has an input verification error vulnerability, which is caused by a verification error provided to the user. Attackers can use this vulnerability to execute command injections for attacks on affected devices. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-1552"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1552",
"trust": 3.9
},
{
"db": "AUSCERT",
"id": "ESB-2021.1777.2",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007211",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-37126",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1777.3",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1341",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-1552",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"db": "VULMON",
"id": "CVE-2021-1552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"db": "NVD",
"id": "CVE-2021-1552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1341"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202105-0507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37126"
}
],
"trust": 1.2111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37126"
}
]
},
"last_update_date": "2023-12-18T11:23:15.390000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-wap-inject-Mp9FSdG",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-wap-inject-mp9fsdg"
},
{
"title": "Patch for Cisco Small Business input validation error vulnerability (CNVD-2021-37126)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/267816"
},
{
"title": "Cisco Small Business Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152226"
},
{
"title": "Cisco: Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sb-wap-inject-mp9fsdg"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"db": "VULMON",
"id": "CVE-2021-1552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1341"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"db": "NVD",
"id": "CVE-2021-1552"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-wap-inject-mp9fsdg"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1777.2"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1552"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052109"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1777.3"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"db": "VULMON",
"id": "CVE-2021-1552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"db": "NVD",
"id": "CVE-2021-1552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1341"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"db": "VULMON",
"id": "CVE-2021-1552"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"db": "NVD",
"id": "CVE-2021-1552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1341"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1552"
},
{
"date": "2022-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"date": "2021-05-22T07:15:07.653000",
"db": "NVD",
"id": "CVE-2021-1552"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1341"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37126"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1552"
},
{
"date": "2022-02-04T02:46:00",
"db": "JVNDB",
"id": "JVNDB-2021-007211"
},
{
"date": "2023-11-07T03:28:36.573000",
"db": "NVD",
"id": "CVE-2021-1552"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1341"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Small\u00a0Business\u00a0Series\u00a0Wireless\u00a0Access\u00a0Points\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007211"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1341"
}
],
"trust": 0.6
}
}
VAR-202105-0509
Vulnerability from variot - Updated: 2023-12-18 10:44Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco Small Business is a switch of the US Cisco (Cisco) company.
Cisco Small Business has an input validation error vulnerability, which is caused by a validation error provided to the user. Attackers can use this vulnerability to execute command injections for attacks on affected devices. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0509",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wap351",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.17"
},
{
"model": "wap131",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.17"
},
{
"model": "wap150",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.4"
},
{
"model": "wap361",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.4"
},
{
"model": "wap581",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.1"
},
{
"model": "wap125",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.1"
},
{
"model": "cisco wap581",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap131",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap361",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap125",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap150",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco wap351",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "100"
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "300"
},
{
"model": "small business series wireless",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"db": "NVD",
"id": "CVE-2021-1554"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap125_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap125:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap131_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap150_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap351_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap361_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap361:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:wap581_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap581:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1554"
}
]
},
"cve": "CVE-2021-1554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-1554",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.4,
"id": "CNVD-2021-37128",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1554",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-1554",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-1554",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-37128",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1343",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-1554",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"db": "VULMON",
"id": "CVE-2021-1554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"db": "NVD",
"id": "CVE-2021-1554"
},
{
"db": "NVD",
"id": "CVE-2021-1554"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1343"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit these vulnerabilities, the attacker must have valid administrative credentials for the device. Cisco Small Business is a switch of the US Cisco (Cisco) company. \n\r\n\r\nCisco Small Business has an input validation error vulnerability, which is caused by a validation error provided to the user. Attackers can use this vulnerability to execute command injections for attacks on affected devices. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-1554"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1554",
"trust": 3.9
},
{
"db": "AUSCERT",
"id": "ESB-2021.1777.2",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007204",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-37128",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1777.3",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1343",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-1554",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"db": "VULMON",
"id": "CVE-2021-1554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"db": "NVD",
"id": "CVE-2021-1554"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1343"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"id": "VAR-202105-0509",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37128"
}
],
"trust": 1.2111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37128"
}
]
},
"last_update_date": "2023-12-18T10:44:10.748000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-wap-inject-Mp9FSdG",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-wap-inject-mp9fsdg"
},
{
"title": "Patch for Cisco Small Business input validation error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/267821"
},
{
"title": "Cisco Small Business Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=152228"
},
{
"title": "Cisco: Cisco\u00a0Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sb-wap-inject-mp9fsdg"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"db": "VULMON",
"id": "CVE-2021-1554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1343"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"db": "NVD",
"id": "CVE-2021-1554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-wap-inject-mp9fsdg"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1777.2"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1554"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052109"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1777.3"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"db": "VULMON",
"id": "CVE-2021-1554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"db": "NVD",
"id": "CVE-2021-1554"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1343"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"db": "VULMON",
"id": "CVE-2021-1554"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"db": "NVD",
"id": "CVE-2021-1554"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1343"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1554"
},
{
"date": "2022-02-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"date": "2021-05-22T07:15:07.747000",
"db": "NVD",
"id": "CVE-2021-1554"
},
{
"date": "2021-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1343"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-37128"
},
{
"date": "2021-05-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1554"
},
{
"date": "2022-02-04T02:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-007204"
},
{
"date": "2023-11-07T03:28:36.920000",
"db": "NVD",
"id": "CVE-2021-1554"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1343"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1343"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Small\u00a0Business\u00a0Series\u00a0Wireless\u00a0Access\u00a0Points\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1343"
}
],
"trust": 0.6
}
}