CVE-2024-20336

Name of the Vulnerable Software and Affected Versions Cisco Small Business 100, 300, 500 Series Wireless Access Points (affected versions not specified)

Description The issue is related to a buffer overflow vulnerability in the web-based user interface of the affected devices. This vulnerability can be exploited by an authenticated, remote attacker who has valid administrative credentials for the device. The attacker can send a crafted HTTP request to the web-based management interface, potentially allowing them to execute arbitrary code as the root user on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input.

Recommendations For Cisco Small Business 100, 300, 500 Series Wireless Access Points, as a temporary workaround, consider restricting access to the web-based management interface until a patch is available. Avoid using the web-based user interface with administrative credentials until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.