CVE-2021-1437

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-275
View all →

Vulnerability Description

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP).

Related Vulnerabilities

CVE-2014-1631

HIGH
CVSS:7.5(High)

Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.

CWE-2752014

CVE-2015-7781

HIGH
CVSS:7.5(High)

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.

CWE-2752015

CVE-2016-5299

HIGH
CVSS:7.5(High)

A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android...

CWE-2752016

CVE-2016-7988

HIGH
CVSS:7.5(High)

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configura...

CWE-2752016

CVE-2016-9061

HIGH
CVSS:7.5(High)

A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Fire...

CWE-2752016

CVE-2017-17876

HIGH
CVSS:7.5(High)

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.

CWE-2752017