发布日期：2021-05-19
更新日期：2021-05-24

受影响系统：

Cisco WAP150 Wireless-AC/N Dual Radio Access Point <= 1.1.2.4
Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point <= 1.1.2.4
Cisco WAP125 Wireless-AC Dual Band Desktop Access Point <= 1.0.3.1
Cisco WAP131 Wireless-N Dual Radio Access Point with PoE <= 1.0.2.17
Cisco WAP351 Wireless-N Dual Radio Access Point with 5-P <= 1.0.2.17
Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point <= 1.0.3.1

描述：

---

CVE(CAN) ID: CVE-2021-1549

Cisco Small Business 100, 300和500 Series Wireless Access Points（WAP）是一种网络设备，允许具有无线功能的设备连接到有线网络。
Cisco Small Business 100, 300和500 Series Wireless Access Points的web管理界面存在命令注入漏洞。该漏洞源于程序未对用户输入进行正确处理。经过身份认证的远程攻击者可通过发送特制的HTTP请求利用该漏洞以root权限执行任意命令。

<*来源：KrCERT/CC Vulnerability Analysis Team
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-sb-wap-inject-Mp9FSdG）以及相应补丁:
cisco-sa-sb-wap-inject-Mp9FSdG：Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG

浏览次数：763
严重程度：0（网友投票）