CVE-2026-20169
MediumCVSS 6.4Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
A vulnerability in the web-based management interface of Cisco IoT Field Network Director allows an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This is due to insufficient input validation of user-supplied data.
Risk Assessment
An attacker can create, read, or delete files and execute limited commands in user EXEC mode on a remote router, potentially compromising data confidentiality, integrity, and availability.
Recommendation
Apply the patches provided by Cisco immediately and restrict access to the management interface to trusted users only.
Original NVD description (English source)
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.

