CVE-2014-0659
Cisco Rvs4000 Firmware < 2.0.3.2 - OS Command Injection
Title source: ruleDescription
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotehardware
https://www.exploit-db.com/exploits/30915
metasploit
SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb
metasploit
WORKING POC
GREAT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/sercomm_exec.rb
References (8)
Scores
EPSS
0.6560
EPSS Percentile
98.5%
Details
CWE
CWE-78
Status
published
Products (16)
cisco/rvs4000
cisco/rvs4000_firmware
1.3.2.0
cisco/rvs4000_firmware
1.3.3.5
cisco/rvs4000_firmware
2.0.0.3
cisco/rvs4000_firmware
2.0.2.7
cisco/rvs4000_firmware
< 2.0.3.2
cisco/wap4410n
cisco/wap4410n_firmware
2.0.2.1
cisco/wap4410n_firmware
2.0.3.3
cisco/wap4410n_firmware
2.0.4.2
... and 6 more
Published
Jan 12, 2014
Tracked Since
Feb 18, 2026