CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2018-0284 – Cisco Meraki Local Status Page Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0284
08 Nov 2018 — A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from ... • http://www.securityfocus.com/bid/105878 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2014-7999
https://notcve.org/view.php?id=CVE-2014-7999
24 Dec 2014 — Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a usuarios remotos autenticados instalar firmware arbitrario aprovechando un un manejador HTTP no especificado para accediendo desde la red local, también conocido como aka Cisco-Meraki defe... • http://tools.cisco.com/security/center/viewAlert.x?alertId=36800 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-7993
https://notcve.org/view.php?id=CVE-2014-7993
24 Dec 2014 — Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anrerior a 2014-09-24 permiten a atacantes remotos obtener información sensible de credenciales aprovechando un manejador de acceso HTTP no especificado em ña red local, también conocido como Cisco-Meraki defect ID 003... • http://tools.cisco.com/security/center/viewAlert.x?alertId=36797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2014-7995
https://notcve.org/view.php?id=CVE-2014-7995
24 Dec 2014 — Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a atacantes físicamente cercanos obtener acceso shell mediante la apertura de la caja y conexión a través del puerto serial, también conocido como Cisco-Meraki defect ID 00302077. • http://tools.cisco.com/security/center/viewAlert.x?alertId=36799 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-7994
https://notcve.org/view.php?id=CVE-2014-7994
24 Dec 2014 — Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anterior a 2014-09-24 permiten a atacantes remotos ejecutar comandos arbitrarios mediante el aprovechamiento del conocimiento de un secreto del tipo e... • http://tools.cisco.com/security/center/viewAlert.x?alertId=36798 • CWE-20: Improper Input Validation •