Cisco has released a vulnerability disclosure for their Wireless Access Points:
The vuln is in the web interface for the APs and could allow wiping of the security config and access to the administrative interface without authentication.
To quote Cisco:
A vulnerability exists in the access point web-browser interface when Security > Admin Access is changed from Default Authentication (Global Password) to Local User List Only (Individual Passwords). This results in the access point being re-configured with no security, either Global Password or Individual Passwords, enabled. This allows for open access to the access point via the web-browser interface or via the console port with no validation of user credentials.
The following access points are affected if running Cisco IOS® Software Release 12.3(8)JA or 12.3(8)JA1 and are configured for web-interface management:
- 350 Wireless Access Point and Wireless Bridge
- 1100 Wireless Access Point
- 1130 Wireless Access Point
- 1200 Wireless Access Point
- 1240 Wireless Access Point
- 1310 Wireless Bridge
- 1410 Wireless Access Point