To exploit this vulnerability, an attacker must be able to send requests to the web server on the wireless access point. The attacker may require access to trusted networks and wired, rather than wireless, networks, as default security configurations likely limit access to the web-based management interface to external networks. In addition, the attacker must know the hard-coded default credentials to access the vulnerable scripts; however, this information has been disclosed publicly.
An exploit could allow the attacker to completely compromise a vulnerable access point. The attacker could leverage this access to change configuration settings, allowing the attacker to weaken security settings or monitor traffic transiting the device from other client systems.
This issue was reported by Christofaro Mune. Cisco PSIRT appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports.