Meru AP - Unrestricted execution of OS commands as root
Summary
An improper sanitization of commands elements (OS Command Injection) vulnerability [CWE-78] in Meru AP may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted commands in Meru AP's CLI.
Affected Products
Meru AP version 8.6.1 and below
Meru AP version 8.5.5 and below
Solutions
Upgrade to Meru AP version 8.6.2 or above