Remote Command Execution Vulnerability in Cisco Meraki Devices

CVE-2014-7994

Summary

Cisco Meraki MS, MR, and MX devices prior to the firmware version released on September 24, 2014, are susceptible to a vulnerability that permits remote attackers to execute arbitrary commands. This exploit arises from the exploitation of both a cross-device secret and a per-device secret. Attackers can execute unauthorized commands by sending specially crafted requests to an unspecified HTTP handler within the local network, thereby compromising the security configuration of the affected devices. Organizations using these devices should ensure they are running updated firmware to mitigate potential risks.

References