Command injection

2012-02-2504:21:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.7%

JSON

The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a “command injection vulnerability,” aka Bug ID CSCtt46871.

CPENameOperatorVersion
small_business_srp520-u_series_firmwareeq1.1.0
small_business_srp520_series_firmwarele1.01.24
small_business_srp520_series_firmwareeq1.01.01
small_business_srp520_series_firmwareeq1.01.09
small_business_srp520_series_firmwareeq1.01.11
small_business_srp520_series_firmwareeq1.01.19
small_business_srp520_series_firmwareeq1.01.23
small_business_srp540_series_firmwarele1.02.01
small_business_srp540_series_firmwareeq1.02.00.023

Name	Operator	Version
small_business_srp520-u_series_firmware	eq	1.1.0
small_business_srp520_series_firmware	le	1.01.24
small_business_srp520_series_firmware	eq	1.01.01
small_business_srp520_series_firmware	eq	1.01.09
small_business_srp520_series_firmware	eq	1.01.11
small_business_srp520_series_firmware	eq	1.01.19
small_business_srp520_series_firmware	eq	1.01.23
small_business_srp540_series_firmware	le	1.02.01
small_business_srp540_series_firmware	eq	1.02.00.023