CVE-2017-15805

HIGH

Cisco Small Business SA520 and SA540 Firmware 2.1.71 and 2.2.0.7 - Path Traversal via thispage Parameter

Title source: llm
STIX 2.1

Description

Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0218
EPSS Percentile 80.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (4)
cisco/small_business_sa520_firmware 2.1.71
cisco/small_business_sa520_firmware 2.2.0.7
cisco/small_business_sa540_firmware 2.1.71
cisco/small_business_sa540_firmware 2.2.0.7
Published Oct 23, 2017
Tracked Since Feb 18, 2026