CVE-2026-20169
Authenticated Remote Command Execution in Cisco IoT Field Network Director
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | iot_field_network_director | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web-based management interface of Cisco IoT Field Network Director. It allows an authenticated remote attacker with low privileges to exploit insufficient input validation of user-supplied data.
By submitting specially crafted input through the interface, the attacker could gain the ability to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.
How can this vulnerability impact me? :
The impact of this vulnerability includes unauthorized access to files and execution of commands on a remote router, which could compromise the integrity and confidentiality of the device.
An attacker with low privileges could manipulate files or execute commands, potentially disrupting network operations or gaining further access within the network.