Description
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46664
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026266
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50495
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71103
Scores
EPSS
0.0180
EPSS Percentile
75.9%
Details
CWE
CWE-352
Status
published
Products (12)
cisco/small_business_srp520_series_firmware
1.00.06
cisco/small_business_srp520_series_firmware
1.01.01
cisco/small_business_srp520_series_firmware
1.01.19_mr3
cisco/small_business_srp520_series_firmware
< 1.01.23
cisco/small_business_srp521w
cisco/small_business_srp526w
cisco/small_business_srp527w
cisco/small_business_srp540_series_firmware
1.02.00
cisco/small_business_srp540_series_firmware
< 1.02.01_mr2
cisco/small_business_srp541w
... and 2 more
Published
Nov 03, 2011
Tracked Since
Feb 18, 2026