Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router.
This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.
AnalysisAI
Cisco IoT Field Network Director's web-based management interface allows authenticated remote attackers with low privileges to execute arbitrary commands and access files on managed routers via insufficient input validation in the web interface. The vulnerability enables file creation, deletion, read operations, and execution of limited commands in user EXEC mode on remote routers. CVSS 6.4 (medium severity); no active exploitation or public POC identified at time of analysis.
Technical ContextAI
The vulnerability stems from insufficient input validation (CWE-77: Improper Neutralization of Special Elements used in a Command) in Cisco IoT Field Network Director's web-based management interface. The application fails to properly sanitize user-supplied input before passing it to backend command execution routines that interact with managed network devices. This allows injection of shell metacharacters or command sequences that are executed in the context of the remote router's user EXEC mode. The attack surface is the authenticated web interface, making this a post-authentication exploitation scenario rather than an unauthenticated remote code execution vulnerability.
RemediationAI
Apply the vendor-released patch from Cisco Security Advisory cisco-sa-iot-fnd-dos-n8N26Q4u, which provides fixed versions addressing the input validation defect. Detailed patched version numbers and upgrade procedures are available in the advisory referenced above. As an interim compensating control, restrict network access to the IoT-FND web-based management interface to trusted administrative networks only, leveraging firewall rules or network segmentation to limit exposure to potential compromised credentials. Additionally, implement strong access controls for IoT-FND user accounts with low-privilege roles, as the vulnerability specifically requires authenticated access - credential compromise is the primary attack vector. Monitor authentication logs to the management interface for anomalous login patterns. Note that compensating controls do not eliminate the underlying vulnerability; patching remains the primary remediation and should be completed promptly in production environments.
Cisco IoT Field Network Director enables authenticated remote attackers with low-level privileges to crash remotely mana
Authenticated remote attackers with low privileges can read arbitrary files via insufficient access controls in the web-
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27854
GHSA-rx82-7g7m-r755