CVE-2014-0659

The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rvs4000_firmware:1.3.2.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rvs4000_firmware:1.3.3.5:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rvs4000_firmware:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rvs4000_firmware:2.0.2.7:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:cisco:wrvs4400n_firmware:1.1.03:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wrvs4400n_firmware:1.1.13:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wrvs4400n_firmware:2.0.1.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wrvs4400n_firmware:2.0.2.1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wap4410n_firmware:2.0.2.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wap4410n_firmware:2.0.3.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:wap4410n_firmware:2.0.4.2:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:02

Type Values Removed Values Added
References () http://secunia.com/advisories/56292 - () http://secunia.com/advisories/56292 -
References () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd - Vendor Advisory
References () http://tools.cisco.com/security/center/viewAlert.x?alertId=32381 - Vendor Advisory () http://tools.cisco.com/security/center/viewAlert.x?alertId=32381 - Vendor Advisory
References () http://www.securityfocus.com/bid/64776 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/64776 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1029579 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1029579 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1029580 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1029580 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/90233 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/90233 -
References () https://github.com/elvanderb/TCP-32764 - Patch, Issue Tracking () https://github.com/elvanderb/TCP-32764 - Issue Tracking, Patch

Information

Published : 2014-01-12 18:34

Updated : 2024-11-21 02:02


NVD link : CVE-2014-0659

Mitre link : CVE-2014-0659

CVE.ORG link : CVE-2014-0659


JSON object : View

Products Affected

cisco

  • rvs4000_firmware
  • wap4410n
  • wrvs4400n_firmware
  • wap4410n_firmware
  • rvs4000
  • wrvs4400n
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')