CVE-2014-7994

Cisco Meraki MS, MR, and MX Firmware < 2014-09-24 - Remote Code Execution via Local Network HTTP Handler

Title source: llm
STIX 2.1

Description

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.

References (2)

Core 2
Core References
Various Sources x_refsource_confirm
https://dashboard.meraki.com/firmware_security

Scores

EPSS 0.0068
EPSS Percentile 47.9%

Details

CWE
CWE-20
Status published
Products (6)
cisco/meraki_mr
cisco/meraki_mr_firmware < 2014-09-24
cisco/meraki_ms
cisco/meraki_ms_firmware < 2014-09-24
cisco/meraki_mx
cisco/meraki_mx_firmware < 2014-09-24
Published Dec 24, 2014
Tracked Since Feb 18, 2026