CVE-2012-0364
First published: Sat Feb 25 2012(Updated: )
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Small Business SRP520-U Series Firmware | <=1.01.24 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.01 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.09 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.11 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.19 | |
| Cisco Small Business SRP520-U Series Firmware | =1.01.23 | |
| Cisco SRP521W | ||
| Cisco Small Business SRP526W/U | ||
| Cisco Small Business SRP527W | ||
| Cisco SRP520 Firmware | =1.1.0 | |
| Cisco SRP521W | ||
| Cisco Small Business SRP526W/U | ||
| Cisco Small Business SRP527W | ||
| Cisco Small Business SA540 Firmware | <=1.02.01 | |
| Cisco Small Business SA540 Firmware | =1.02.00.023 | |
| Cisco Small Business SRP541W | ||
| Cisco Small Business SRP546W | ||
| Cisco Small Business SRP547W |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0364?
CVE-2012-0364 is considered a high severity vulnerability due to the potential for remote attackers to overwrite device configuration files.
How do I fix CVE-2012-0364?
To fix CVE-2012-0364, upgrade affected Cisco SRP devices to firmware version 1.1.26 or later for SRP 520 series, and 1.2.4 or later for SRP 540 series.
What devices are affected by CVE-2012-0364?
CVE-2012-0364 affects Cisco SRP 520 series devices with firmware versions prior to 1.1.26 and SRP 540 series devices with firmware versions before 1.2.4.
What could happen if CVE-2012-0364 is exploited?
Exploitation of CVE-2012-0364 could allow remote attackers to replace configuration files, potentially leading to loss of device control or security breaches.
When was CVE-2012-0364 reported?
CVE-2012-0364 was reported and publicly disclosed on February 23, 2012.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco small business srp520-u series firmware
- version/cisco small business srp520-u series firmware/1.01.24
- version/cisco small business srp520-u series firmware/1.01.01
- version/cisco small business srp520-u series firmware/1.01.09
- version/cisco small business srp520-u series firmware/1.01.11
- version/cisco small business srp520-u series firmware/1.01.19
- version/cisco small business srp520-u series firmware/1.01.23
- canonical/cisco srp521w
- canonical/cisco small business srp526w/u
- canonical/cisco small business srp527w
- canonical/cisco srp520 firmware
- version/cisco srp520 firmware/1.1.0
- canonical/cisco small business sa540 firmware
- version/cisco small business sa540 firmware/1.02.01
- version/cisco small business sa540 firmware/1.02.00.023
- canonical/cisco small business srp541w
- canonical/cisco small business srp546w
- canonical/cisco small business srp547w