Published: 2021/05/14  Last Updated: 2021/05/14

JVN#71263107
Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points

Overview

Cisco Small Business Series Wireless Access Points contain multiple vulnerabilities.

Products Affected

  • WAP125 Wireless-AC Dual Band Desktop Access Point with PoE 1.0.3.1 and earlier
  • WAP131 Wireless-N Dual Radio Access Point with PoE 1.0.2.17 and earlier
  • WAP150 Wireless-AC/N Dual Radio Access Point with PoE 1.1.2.4 and earlier
  • WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch 1.0.2.17 and earlier
  • WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE 1.1.2.4 and earlier
  • WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN 1.0.3.1 and earlier
The developer states that WAP131 Wireless-N Dual Radio Access Point with PoE and WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch are no longer supported (End-of-Life, EOL).  For details, refer to the information provided by the developer.

Description

Cisco Small Business Series Wireless Access Points provided by Cisco Systems, Inc. contain multiple vulnerabilities listed below.

  • Improper access control (CWE-284) - CVE-2021-1400
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:N/AC:L/Au:S/C:C/I:C/A:C Base Score: 9.0
  • Command injection (CWE-78) - CVE-2021-1401
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Base Score: 5.5
    CVSS v2 AV:N/AC:M/Au:S/C:C/I:P/A:N Base Score: 7.0

Impact

The impact varies by vulnerability. If an attacker who can access the affected device sends a specially crafted HTTP request to the administrative web interface of the device, the following are possible:

  • The attacker may impersonate a user, including an administrator - CVE-2021-1400
  • An arbitrary command may be executed with the administrative privilege of the device - CVE-2021-1401

Solution

Update the firmware
Apply the appropriate firmware update according to the information provided by the developer.
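
To decide which devices need the update, an inventory can be checked against the "Products Affected" list. The following is an added example, not part of the advisory or of any Cisco tooling; the `hostname,model,firmware` inventory format, the sample rows and the result labels are assumptions made for illustration.

```python
# Added example: thresholds transcribed from "Products Affected" above.
# model -> (last affected firmware version, EOL according to the advisory)
AFFECTED = {
    "WAP125": ("1.0.3.1", False),
    "WAP131": ("1.0.2.17", True),
    "WAP150": ("1.1.2.4", False),
    "WAP351": ("1.0.2.17", True),
    "WAP361": ("1.1.2.4", False),
    "WAP581": ("1.0.3.1", False),
}

def parse_version(text):
    """Turn '1.0.2.17' into (1, 0, 2, 17) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(model, firmware):
    """Classify one device; the returned labels are hypothetical names."""
    model = model.strip().upper()
    if model not in AFFECTED:
        return "not-listed"            # model is not named in this advisory
    last_bad, eol = AFFECTED[model]
    try:
        vulnerable = parse_version(firmware) <= parse_version(last_bad)
    except ValueError:
        return "check-manually"        # version string could not be compared
    if not vulnerable:
        return "ok"
    # EOL models are no longer supported by the developer, so flag them apart.
    return "affected-eol" if eol else "affected-update"

def triage_inventory(csv_text):
    """Return (hostname, model, firmware, status) for each inventory row."""
    rows = []
    for line in csv_text.strip().splitlines():
        host, model, firmware = (field.strip() for field in line.split(","))
        rows.append((host, model, firmware, triage(model, firmware)))
    return rows

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """ap-lobby,WAP125,1.0.3.1
ap-floor2,WAP150,1.1.2.10
ap-warehouse,wap351,1.0.2.9
ap-annex,WAP581,unknown"""

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE):
        print(*row, sep="\t")
```

Comparing versions as integer tuples matters here: as plain strings, 1.1.2.10 would sort before 1.1.2.4 and a fixed device would be reported as affected.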

Credit

Shuto Imai of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: CVE-2021-1400, CVE-2021-1401
JVN iPedia: JVNDB-2021-000038