CVE-2012-0363

The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
ciscosmall_business_srp520_series_firmware
𝑥
≤ 1.01.24
ciscosmall_business_srp520_series_firmware
1.01.01
ciscosmall_business_srp520_series_firmware
1.01.09
ciscosmall_business_srp520_series_firmware
1.01.11
ciscosmall_business_srp520_series_firmware
1.01.19
ciscosmall_business_srp520_series_firmware
1.01.23
ciscosmall_business_srp521w
*
ciscosmall_business_srp526w
*
ciscosmall_business_srp527w
*
ciscosmall_business_srp520-u_series_firmware
1.1.0
ciscosmall_business_srp521w-u
*
ciscosmall_business_srp526w-u
*
ciscosmall_business_srp527w-u
*
ciscosmall_business_srp540_series_firmware
𝑥
≤ 1.02.01
ciscosmall_business_srp540_series_firmware
1.02.00.023
ciscosmall_business_srp541w
*
ciscosmall_business_srp546w
*
ciscosmall_business_srp547w
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500
http://www.securitytracker.com/id?1026736
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500
http://www.securitytracker.com/id?1026736