A vulnerability in the web interface that is used to update the system time on Cisco Small Business 500 Series Wireless Access Point devices could allow an unauthenticated, remote attacker to impact the integrity of a system.
The vulnerability is due to insufficient validation of user-controlled parameters in HTTP POST requests. An attacker could exploit this vulnerability by sending an HTTP POST request with crafted user parameters that update the system time maliciously. An exploit could allow the attacker to impact the integrity of the system because the user parameters are not properly validated.
Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160216-wap["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160216-wap"]