CVE-2011-4005: CSRF
First published: Thu Nov 03 2011(Updated: )
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SRP521W | ||
| Cisco Small Business SRP526W/U | ||
| Cisco Small Business SRP527W | ||
| Cisco Small Business SRP520-U Series Firmware | <=1.01.23 | |
| Cisco Small Business SRP520-U Series Firmware | =1.00.06 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.01 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.19_mr3 | |
| Cisco Small Business SRP541W | ||
| Cisco Small Business SRP546W | ||
| Cisco Small Business SRP547W | ||
| Cisco Small Business SA540 Firmware | <=1.02.01_mr2 | |
| Cisco Small Business SA540 Firmware | =1.02.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-4005?
CVE-2011-4005 has been classified with a medium severity rating due to its potential for exploit through cross-site request forgery.
How do I fix CVE-2011-4005?
To remediate CVE-2011-4005, upgrade the firmware of affected Cisco Small Business SRP devices to versions 1.1.24 or above for SRP520 series and 1.2.1 or later for SRP540 series.
Which devices are affected by CVE-2011-4005?
CVE-2011-4005 affects several models including the Cisco Small Business SRP521W, SRP526W, SRP527W, SRP541W, SRP546W, and SRP547W with specific firmware versions.
What are the potential consequences of CVE-2011-4005?
Exploitation of CVE-2011-4005 could allow attackers to perform unauthorized actions on the affected devices through malicious HTTP requests.
Is there a workaround for CVE-2011-4005?
There is no documented workaround for CVE-2011-4005; upgrading the firmware is the recommended approach to mitigate the vulnerability.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco srp521w
- canonical/cisco small business srp526w/u
- canonical/cisco small business srp527w
- canonical/cisco small business srp520-u series firmware
- version/cisco small business srp520-u series firmware/1.01.23
- version/cisco small business srp520-u series firmware/1.00.06
- version/cisco small business srp520-u series firmware/1.01.01
- version/cisco small business srp520-u series firmware/1.01.19_mr3
- canonical/cisco small business srp541w
- canonical/cisco small business srp546w
- canonical/cisco small business srp547w
- canonical/cisco small business sa540 firmware
- version/cisco small business sa540 firmware/1.02.01_mr2
- version/cisco small business sa540 firmware/1.02.00