CVE-2014-7994

Name of the Vulnerable Software and Affected Versions Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24

Description The issue allows remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network.

Recommendations For Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24, update the firmware to a version released after 2014-09-24 to resolve the issue. As a temporary workaround, consider restricting access to the local network to minimize the risk of exploitation.