CVE-2014-7994: Input Validation
First published: Wed Dec 24 2014(Updated: )
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Meraki Mr Firmware | <=2014-09-24 | |
| Cisco Meraki MR | ||
| Cisco Meraki MX Firmware | <=2014-09-24 | |
| Cisco Meraki Mx | ||
| Cisco Meraki Ms Firmware | <=2014-09-24 | |
| Cisco Meraki Ms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco meraki mr firmware
- version/cisco meraki mr firmware/2014-09-24
- canonical/cisco meraki mr
- canonical/cisco meraki mx firmware
- version/cisco meraki mx firmware/2014-09-24
- canonical/cisco meraki mx
- canonical/cisco meraki ms firmware
- version/cisco meraki ms firmware/2014-09-24
- canonical/cisco meraki ms