CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-20287
https://notcve.org/view.php?id=CVE-2024-20287
17 Jan 2024 — A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-0412
https://notcve.org/view.php?id=CVE-2018-0412
15 Aug 2018 — A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received durin... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-sb-wap-encrypt • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-0415
https://notcve.org/view.php?id=CVE-2018-0415
15 Aug 2018 — A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an ... • http://www.securityfocus.com/bid/105116 • CWE-388: 7PK - Errors •