发布日期：2021-05-05
更新日期：2021-05-06

受影响系统：

Cisco WAP125 Wireless-AC Dual Band Desktop Access Point <= 1.0.3.1
Cisco WAP131 Wireless-N Dual Radio Access Point with PoE <= 1.0.2.17
Cisco WAP150 Wireless-AC/N Dual Radio Access Point with <= 1.1.2.4
Cisco WAP351 Wireless-N Dual Radio Access Point with 5-P <= 1.0.2.17
Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access <= 1.1.2.4
Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point <= 1.0.3.1

描述：

---

CVE(CAN) ID: CVE-2021-1400

Cisco Small Business 100, 300和500 Series Wireless Access Points（WAP）是一种网络设备，允许具有无线功能的设备连接到有线网络。
Cisco Small Business 100, 300和500 Series Wireless Access Points的web管理界面存在信息泄露漏洞。该漏洞源于程序未对用户输入进行正确处理。经过身份认证的远程攻击者可通过发送特制的HTTP请求利用该漏洞获取敏感信息。

<*来源：Shuto Imai（LAC Co., Ltd）
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-sb-wap-multi-ZAfKGXhF）以及相应补丁:
cisco-sa-sb-wap-multi-ZAfKGXhF：Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF

浏览次数：1167
严重程度：0（网友投票）