Vulnerability Description
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Wap121 Firmware | - |
| Cisco | Wap121 | - |
| Cisco | Wap125 Firmware | - |
| Cisco | Wap125 | - |
| Cisco | Wap131 Firmware | - |
| Cisco | Wap131 | - |
| Cisco | Wap150 Firmware | - |
| Cisco | Wap150 | - |
| Cisco | Wap320 Firmware | - |
| Cisco | Wap320 | - |
| Cisco | Wap321 Firmware | - |
| Cisco | Wap321 | - |
| Cisco | Wap351 Firmware | - |
| Cisco | Wap351 | - |
| Cisco | Wap361 Firmware | - |
| Cisco | Wap361 | - |
| Cisco | Wap571 Firmware | - |
| Cisco | Wap571 | - |
| Cisco | Wap371 Firmware | - |
| Cisco | Wap371 | - |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
FAQ
What is CVE-2024-20336?
CVE-2024-20336 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against a...
How severe is CVE-2024-20336?
CVE-2024-20336 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-20336?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Wap121 Firmware, Cisco Wap121, Cisco Wap125 Firmware, Cisco Wap125, Cisco Wap131 Firmware.