Command Injection Vulnerability in Cisco SRP Series Devices
CVE-2012-0363

Currently unrated

Key Information:

Vendor: Cisco
Status: Small Business Srp520 Series Firmware; Small Business Srp521w; Small Business Srp526w; Small Business Srp527w
Vendor: CVE Published:; 25 February 2012

Summary

The web interface of Cisco's SRP 520 and 540 series devices is susceptible to a command injection vulnerability. This issue allows remote authenticated users to execute arbitrary commands through unspecified vectors. Devices running firmware versions prior to 1.1.26 for the SRP 520 series and versions before 1.2.4 for both the SRP 520W-U and SRP 540 series are particularly vulnerable, leading to potential unauthorized access and manipulation of the device. Proper security measures, including updating firmware to the latest versions, are critical to mitigate the risk associated with this vulnerability.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id?1026736

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Feb 25, 2012
Vulnerability Reserved
Jan 4, 2012