Cisco’s Ultra-Reliable Wireless Backhaul (URWB) hardware has been hit with a hard-to-ignore flaw that could allow attackers to hijack the access points’ web interface using a crafted HTTP request.
Identified as CVE-2024-20418, Cisco said the issue affects three products: the Catalyst IW9165D Heavy Duty Access Points, the Catalyst IW9165E Rugged Access Points and Wireless Clients, and the Catalyst IW9167E Heavy Duty Access Points.
However, the access points are only vulnerable if they are running vulnerable software in URWB mode, Cisco said. Admins can confirm whether URWB mode is in operation by using the show mpls-config command. If this is disabled, the device was not affected. Cisco’s other wireless access point products that don’t use URWB are unaffected.