CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2017-3834
https://notcve.org/view.php?id=CVE-2017-3834
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. • http://www.securityfocus.com/bid/97422 http://www.securitytracker.com/id/1038181 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame • CWE-255: Credentials Management Errors CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2017-3831
https://notcve.org/view.php?id=CVE-2017-3831
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. • http://www.securityfocus.com/bid/96909 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800 • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-1418
https://notcve.org/view.php?id=CVE-2016-1418
Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. Cisco Aironet Access Point Software 8.2(100.0) en puntos de acceso 1830e, 1830i, 1850e, 1850i, 2800 y 3800 permite a usuarios locales obtener acceso root en Linux a través de parámetros de comando CLI manipulados, también conocido como Bug ID CSCuy64037. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160606-aap http://www.securitytracker.com/id/1036042 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2015-6336
https://notcve.org/view.php?id=CVE-2015-6336
Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062. Dispositivos Cisco Aironet 1800 con software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4) y 8.1(15.14) tienen una cuenta por defecto, lo que hace que sea más fácil para atacantes remotos obtener acceso a través de vectores no especificados, también conocido como Bug ID CSCuw58062. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air http://www.securitytracker.com/id/1034667 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-6320
https://notcve.org/view.php?id=CVE-2015-6320
The IP ingress packet handler on Cisco Aironet 1800 devices with software 8.1(112.3) and 8.1(112.4) allows remote attackers to cause a denial of service via a crafted header in an IP packet, aka Bug ID CSCuv63138. El manejador de paquetes IP de entrada en dispositivos Cisco Aironet 1800 con software 8.1(112.3) and 8.1(112.4) permite a atacantes remotos causar una denegación de servicio a través de una cabecera manipulada en un paquete IP, también conocido como Bug ID CSCuv63138. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-aironet http://www.securitytracker.com/id/1034668 • CWE-399: Resource Management Errors •