CVE-2026-20169 | THREATINT

Description

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.

PUBLISHED Reserved 2025-10-08 | Published 2026-05-06 | Updated 2026-05-06 | Assigner cisco

MEDIUM: 6.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status

unknown

4.5.1

affected

4.4.3

affected

4.1.0

affected

4.1.3

affected

4.6.1

affected

4.1.1

affected

4.4.0

affected

4.2.0

affected

4.4.2

affected

4.3.0

affected

4.6.0

affected

4.4.4

affected

4.3.2

affected

4.1.2

affected

4.4.1

affected

4.5.0

affected

4.3.1

affected

4.7.0

affected

4.6.2

affected

4.7.1

affected

4.7.2

affected

4.8.0

affected

4.8.1

affected

4.9.0

affected

4.9.1

affected

4.10.0

affected

4.9.2

affected

4.11.0

affected

4.12.0

affected

4.12.1

affected

References

sec.cloudapps.cisco.com/...ory/cisco-sa-iot-fnd-dos-n8N26Q4u (cisco-sa-iot-fnd-dos-n8N26Q4u)

cve.org (CVE-2026-20169)

nvd.nist.gov (CVE-2026-20169)

Download JSON