CVE-2014-7994
Cisco Meraki MS, MR, and MX Firmware < 2014-09-24 - Remote Code Execution via Local Network HTTP Handler
Title source: llmDescription
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=36798
Various Sources x_refsource_confirm
https://dashboard.meraki.com/firmware_security
Scores
EPSS
0.0068
EPSS Percentile
47.9%
Details
CWE
CWE-20
Status
published
Products (6)
cisco/meraki_mr
cisco/meraki_mr_firmware
< 2014-09-24
cisco/meraki_ms
cisco/meraki_ms_firmware
< 2014-09-24
cisco/meraki_mx
cisco/meraki_mx_firmware
< 2014-09-24
Published
Dec 24, 2014
Tracked Since
Feb 18, 2026