CVE-2010-2826
Summary
| CVE | CVE-2010-2826 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-08-17 05:41:21 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:S/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Wireless Control System Software | 6.0 | All | All | All |
| Application | Cisco | Wireless Control System Software | 6.0.132.0 | All | All | All |
| Application | Cisco | Wireless Control System Software | 6.0.170.0 | All | All | All |
| Application | Cisco | Wireless Control System Software | 6.0.181.0 | All | All | All |
| Application | Cisco | Wireless Control System Software | 6.0.182.0 | All | All | All |
| Application | Cisco | Wireless Control System Software | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Security Advisory: SQL Injection Vulnerability in Cisco Wireless Control System - Cisco Systems | af854a3a-2127-422b-91ae-364da2661108 | www.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.