Vulnerabilites related to cisco - rv130w_wireless-n_multifunction_vpn_router
Vulnerability from fkie_nvd
Published
2016-06-19 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0081BB31-AA51-4E6F-BDC0-62F4E4388F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9638155-20F1-469E-B13C-2334713B8CAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAB434B-FADE-40F4-9478-1DC063FE0F2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482ABE1F-7DEF-4E24-9696-8030DAD98598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C8D001-6827-4DB4-AC6D-83365FD622A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BF38D8F0-2400-431A-8BFA-48E5D9CB7E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0624E0-993B-43AE-9D61-4DCA3E39ADAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "25E45E45-4533-4E9E-B542-606B9EAB3D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58A90A10-CC3F-4743-8FAA-0C8CDCFC1BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "89375F30-1ACD-46AF-898F-176546BFF078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9FB3B1-1669-4B07-849C-7DAF013234F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "939B5242-6224-4BA7-88CA-467D5350987A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la interfaz de gesti\u00f3n basada en web en dispositivos Cisco RV110W con firmware before 1.2.1.7, dispositivos RV130W con firmware en versiones anteriores a 1.0.3.16 y dispositivos RV215W con firmware en versiones anteriores a 1.3.0.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro manipulado, tambi\u00e9n conocido como Bug ID CSCux82583."
}
],
"id": "CVE-2016-1396",
"lastModified": "2024-11-21T02:46:21.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T01:59:04.043",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1036114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036114"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-16 18:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA11233-FA93-4820-871B-FD12C27E8BBD",
"versionEndExcluding": "1.2.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE753751-F569-43C9-A9B8-89C942AF5CC6",
"versionEndExcluding": "1.0.3.55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBD42A1-5F35-4052-B528-27EE508FD276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65A13396-B0C0-4419-AE91-CDD8CD77B6C6",
"versionEndExcluding": "1.0.3.55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE7F490-F557-4E7F-BFC0-9C01286585BF",
"versionEndExcluding": "1.3.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Small Business RV110W, RV130, RV130W, y RV215W Series Routers, podr\u00eda permitir a un atacante remoto autenticado inyectar comandos de shell arbitrarios que son ejecutados por un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente de los datos suministrados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n dise\u00f1ada a la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos o scripts de shell arbitrarios con privilegios root en el dispositivo afectado"
}
],
"id": "CVE-2020-3332",
"lastModified": "2024-11-21T05:30:49.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-16T18:15:17.457",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-16 18:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA11233-FA93-4820-871B-FD12C27E8BBD",
"versionEndExcluding": "1.2.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF1D812-B3B4-4D59-AFDF-0E4C7095584B",
"versionEndExcluding": "1.0.3.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBD42A1-5F35-4052-B528-27EE508FD276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F13CA0-C66C-4BC6-95F2-23F84CAA9B35",
"versionEndExcluding": "1.0.3.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE7F490-F557-4E7F-BFC0-9C01286585BF",
"versionEndExcluding": "1.3.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Small Busines RV110W, RV130, RV130W y Routers RV215W podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario en un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario en la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones HTTP dise\u00f1adas hacia un dispositivo objetivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario como usuario root en el sistema operativo subyacente del dispositivo afectado"
}
],
"id": "CVE-2020-3323",
"lastModified": "2024-11-21T05:30:48.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-16T18:15:17.157",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0081BB31-AA51-4E6F-BDC0-62F4E4388F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9638155-20F1-469E-B13C-2334713B8CAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAB434B-FADE-40F4-9478-1DC063FE0F2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "25E45E45-4533-4E9E-B542-606B9EAB3D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58A90A10-CC3F-4743-8FAA-0C8CDCFC1BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "89375F30-1ACD-46AF-898F-176546BFF078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9FB3B1-1669-4B07-849C-7DAF013234F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "939B5242-6224-4BA7-88CA-467D5350987A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482ABE1F-7DEF-4E24-9696-8030DAD98598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C8D001-6827-4DB4-AC6D-83365FD622A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BF38D8F0-2400-431A-8BFA-48E5D9CB7E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0624E0-993B-43AE-9D61-4DCA3E39ADAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428."
},
{
"lang": "es",
"value": "Interfaz de gesti\u00f3n basada en web en dispositivos Cisco RV110W con firmware en versiones anteriores a 1.2.1.7, dispositivos RV130W con firmware en versiones anteriores a 1.0.3.16 y dispositivos RV215W con firmware en versiones anteriores a 1.3.0.8 permite a atacantes remotos ejecutar c\u00f3digo arbitrario como root a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCux82428."
}
],
"id": "CVE-2016-1395",
"lastModified": "2024-11-21T02:46:21.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T01:59:03.077",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1036113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036113"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-27 22:59
Modified
2024-11-21 02:34
Severity ?
Summary
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv016_multi-wan_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "217831DB-FC07-443B-B969-2513ACE0C0AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87905EBD-2C32-41C7-933E-168B1A5941F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0008DDD6-A6A5-46A2-B9A0-1DC807E29E02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv082_dual_wan_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37F1D3C2-8CD6-416D-80C2-3ECBB941DA55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F95AABA7-ADCF-474B-A1AD-E55EFC09CF2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv120w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3562EAC-7DD9-4D7E-8A54-577FAEDFD42B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv130_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A7C79FC-EC93-4832-85EC-E7D5672A7DF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4993AC7B-5E6F-4DB5-90D8-3181148BC7B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv180_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C656EE6-510D-4530-947E-6C1DE46EBC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A68C4AD-0FB1-45FE-BD04-C3DC8A716F3F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "175F8546-DBBB-4C34-9B9A-A39A6E70F2AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD07AB5-E9DA-463F-B017-7A10FD8C2878",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40BE4E08-761E-44B1-923C-8CAF3EA1B812",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22E350F7-5E72-4749-BBFE-021A3B838105",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv325_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38F76A-20EB-4A00-A84D-F5F262E7A1AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rv325_dual_wan_gigabit_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57228295-609D-4939-9FEF-71EFE6FFEAB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rvl200_4-port_ssl_ipsec_vpn_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4558947-E413-4283-959A-B7C854BCECE6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:rvs4000_4-port_gigabit_security_router_-_vpn:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54D7930A-EC68-4518-BA88-529A3D4F0919",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:wrv200_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D22C7E67-0F47-416F-80A5-D218C655D275",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:wrv210_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7618CAE2-22D2-44B1-8FE8-F29101B62D57",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n_wireless-n_gigabit_security_router_-_vpn_v2.0:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0954EAD-6830-499E-BCE7-4F0FE1DDFE24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82E9DB28-1575-415C-BE18-9ADFD6BA66D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE98C62-84E0-435F-A376-984B1819B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC77F08-1A4A-46AC-8359-5B20BAA9989B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE637ED7-943B-45A3-A0B3-EEAE02A96693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AA64F9F9-6843-4A74-8DC4-692B8A7E8394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "95D5F5BE-8A32-415A-A686-5221C42EFD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCCDA0D3-AF8C-4EC2-8DC8-64322452C697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF064F34-25A3-474E-BCA8-BC135FA4B834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEC997B-96CF-43E6-98C8-D6E469CA471D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B6AD360-866C-4E63-BA54-EAF697560D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B5DF7C-99D2-4CF9-A0AD-8D6BE5780CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F60788C6-2130-4561-B1C8-72B138F2E9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*",
"matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la interfaz de gesti\u00f3n basada en web en dispositivos Cisco RV220W permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de una cabecera manipulada en una petici\u00f3n HTTP, tambi\u00e9n conocida como Bug ID CSCuv29574."
}
],
"id": "CVE-2015-6319",
"lastModified": "2024-11-21T02:34:46.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-27T22:59:00.100",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1034830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034830"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "25E45E45-4533-4E9E-B542-606B9EAB3D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58A90A10-CC3F-4743-8FAA-0C8CDCFC1BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "89375F30-1ACD-46AF-898F-176546BFF078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9FB3B1-1669-4B07-849C-7DAF013234F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "939B5242-6224-4BA7-88CA-467D5350987A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482ABE1F-7DEF-4E24-9696-8030DAD98598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C8D001-6827-4DB4-AC6D-83365FD622A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BF38D8F0-2400-431A-8BFA-48E5D9CB7E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0624E0-993B-43AE-9D61-4DCA3E39ADAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0081BB31-AA51-4E6F-BDC0-62F4E4388F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9638155-20F1-469E-B13C-2334713B8CAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAB434B-FADE-40F4-9478-1DC063FE0F2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en la interfaz de gesti\u00f3n basada en web en dispositivos Cisco RV110W con firmware en versiones anteriores a 1.2.1.7, dispositivos RV130W con firmware en versiones anteriores a 1.0.3.16 y dispositivos RV215W con firmware en versiones anteriores a 1.3.0.8 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (recarga del dispositivo) a trav\u00e9s de comandos de configuraci\u00f3n manipulados en una petici\u00f3n HTTP, tambi\u00e9n conocido como Bug ID CSCux82523."
}
],
"id": "CVE-2016-1397",
"lastModified": "2024-11-21T02:46:22.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T01:59:05.107",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1036115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036115"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 20:15
Modified
2024-11-21 06:11
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB84906-A29C-427D-9BE2-D38686E8F86F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7B6E7F-355A-4055-8CB0-75CFD0645F73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130_vpn_router_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF47C9BB-807F-4432-8EDE-7077123C00D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBD42A1-5F35-4052-B528-27EE508FD276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1E09B2-B5DF-49AE-B4DC-87E161A40700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7E92AF-4DC3-4756-A123-40094B0FC41F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el servicio Universal Plug-and-Play (UPnP) de los Routers Cisco Small Business RV110W, RV130, RV130W y RV215W, podr\u00eda permitir a un atacante no autenticado remoto ejecutar c\u00f3digo arbitrario o hacer que un dispositivo afectado se reinicie inesperadamente, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad es debido a una comprobaci\u00f3n inapropiada del tr\u00e1fico UPnP entrante. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n UPnP dise\u00f1ada a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condici\u00f3n de DoS. Cisco no ha publicado actualizaciones de software que aborden esta vulnerabilidad."
}
],
"id": "CVE-2021-34730",
"lastModified": "2024-11-21T06:11:04.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T20:15:07.447",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7B6E7F-355A-4055-8CB0-75CFD0645F73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130_vpn_router_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF47C9BB-807F-4432-8EDE-7077123C00D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBD42A1-5F35-4052-B528-27EE508FD276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1E09B2-B5DF-49AE-B4DC-87E161A40700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7E92AF-4DC3-4756-A123-40094B0FC41F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podr\u00edan permitir a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario o causar que un dispositivo afectado se reinicie inesperadamente.\u0026#xa0;Las vulnerabilidades son debido a una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario en la interfaz de administraci\u00f3n basada en web.\u0026#xa0;Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de peticiones HTTP dise\u00f1adas hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS).\u0026#xa0;Para explotar estas vulnerabilidades, un atacante necesitar\u00eda tener credenciales de administrador v\u00e1lidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades."
}
],
"id": "CVE-2021-1217",
"lastModified": "2024-11-21T05:43:51.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-13T22:15:20.257",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-08 00:59
Modified
2024-11-21 02:34
Severity ?
Summary
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAFE09F-6166-42EC-989A-713011997722",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C35AFC54-7925-48F9-BA4E-9ACF73DC2723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B912FFCC-F481-4C39-8E05-BD6CC1FA12A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567."
},
{
"lang": "es",
"value": "El analizador de comandos CLI en dispositivos Cisco RV110W, RV130W y RV215W permite a usuarios locales ejecutar comandos shell arbitrarios como un administrador a trav\u00e9s de par\u00e1metros manipulados, tambi\u00e9n conocido como Bug IDs CSCuv90134, CSCux58161 y CSCux73567."
}
],
"id": "CVE-2015-6396",
"lastModified": "2024-11-21T02:34:55.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-08T00:59:00.140",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/92269"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1036528"
},
{
"source": "psirt@cisco.com",
"url": "https://www.exploit-db.com/exploits/45986/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45986/"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-08 00:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAFE09F-6166-42EC-989A-713011997722",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C35AFC54-7925-48F9-BA4E-9ACF73DC2723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD30B0C7-E04A-4B05-82D1-9DA487F8639D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B912FFCC-F481-4C39-8E05-BD6CC1FA12A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557."
},
{
"lang": "es",
"value": "Dispositivos Cisco RV110W, RV130W y RV215W tiene una configuraci\u00f3n RBAC incorrecta para la cuenta por defecto, lo que permite a usuarios remotos autenticados obtener acceso root a trav\u00e9s de un inicio de sesi\u00f3n con esa cuenta, tambi\u00e9n conocido como Bug IDs CSCuv90139, CSCux58175 y CSCux73557."
}
],
"id": "CVE-2015-6397",
"lastModified": "2024-11-21T02:34:55.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-08T00:59:01.267",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Mitigation",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/92273"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1036524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036524"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-3332
Vulnerability from cvelistv5
Published
2020-07-16 17:21
Modified
2024-11-15 16:55
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco RV130W Wireless-N Multifunction VPN Router Firmware |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:27:23.606088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:55:10.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco RV130W Wireless-N Multifunction VPN Router Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-16T17:21:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy"
}
],
"source": {
"advisory": "cisco-sa-cmd-shell-injection-9jOQn9Dy",
"defect": [
[
"CSCvs50846",
"CSCvs50849",
"CSCvs50853"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-07-15T16:00:00",
"ID": "CVE-2020-3332",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco RV130W Wireless-N Multifunction VPN Router Firmware",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy"
}
]
},
"source": {
"advisory": "cisco-sa-cmd-shell-injection-9jOQn9Dy",
"defect": [
[
"CSCvs50846",
"CSCvs50849",
"CSCvs50853"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3332",
"datePublished": "2020-07-16T17:21:00.535701Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T16:55:10.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34730
Vulnerability from cvelistv5
Published
2021-08-18 19:40
Modified
2024-11-07 22:03
Severity ?
EPSS score ?
Summary
A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210818 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:55:58.462216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:03:55.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business RV Series Router Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T19:40:27",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210818 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5"
}
],
"source": {
"advisory": "cisco-sa-cisco-sb-rv-overflow-htpymMB5",
"defect": [
[
"CSCvz05607"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-08-18T16:00:00",
"ID": "CVE-2021-34730",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210818 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5"
}
]
},
"source": {
"advisory": "cisco-sa-cisco-sb-rv-overflow-htpymMB5",
"defect": [
[
"CSCvz05607"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34730",
"datePublished": "2021-08-18T19:40:27.447795Z",
"dateReserved": "2021-06-15T00:00:00",
"dateUpdated": "2024-11-07T22:03:55.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1217
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:48
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:02:56.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:34:28.180234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:48:51.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business RV Series Router Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T21:16:44",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U"
}
],
"source": {
"advisory": "cisco-sa-rv-overflow-WUnUgv4U",
"defect": [
[
"CSCvv65098",
"CSCvv69398",
"CSCvv71463",
"CSCvv71466",
"CSCvv71467",
"CSCvv71468",
"CSCvv79107",
"CSCvv79109",
"CSCvv79110",
"CSCvv96729",
"CSCvv96730",
"CSCvv96732",
"CSCvv96733",
"CSCvv96738",
"CSCvv96741",
"CSCvv96742",
"CSCvv96747",
"CSCvv96748",
"CSCvv96751",
"CSCvv96755",
"CSCvv96756",
"CSCvv96757",
"CSCvv96758",
"CSCvv96759",
"CSCvv96761",
"CSCvv96762",
"CSCvv96763",
"CSCvv96764",
"CSCvv96765",
"CSCvv96767",
"CSCvv96768",
"CSCvv96771",
"CSCvv96772",
"CSCvv96799",
"CSCvv96800",
"CSCvv96801",
"CSCvv96806",
"CSCvv96807",
"CSCvv96809",
"CSCvv96810",
"CSCvv96811",
"CSCvv96812",
"CSCvv96814",
"CSCvv96817",
"CSCvv96818",
"CSCvv96820",
"CSCvw04678",
"CSCvw04779",
"CSCvw04781",
"CSCvw06813",
"CSCvw06828",
"CSCvw06832",
"CSCvw06841",
"CSCvw06846",
"CSCvw06852",
"CSCvw06860",
"CSCvw06865",
"CSCvw06868",
"CSCvw06873",
"CSCvw06874",
"CSCvw06879",
"CSCvw06880",
"CSCvw06882",
"CSCvw06894",
"CSCvw06900",
"CSCvw06902",
"CSCvw06950",
"CSCvw06958",
"CSCvw06961",
"CSCvw06962",
"CSCvw06967",
"CSCvw06971",
"CSCvw06978",
"CSCvw06981",
"CSCvw06982",
"CSCvw06987",
"CSCvw06991",
"CSCvw06992",
"CSCvw06993",
"CSCvw06998",
"CSCvw07002",
"CSCvw10473",
"CSCvw10484",
"CSCvw10487",
"CSCvw49030",
"CSCvw49034",
"CSCvw49036",
"CSCvw76488",
"CSCvw91642"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-01-13T16:00:00",
"ID": "CVE-2021-1217",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U"
}
]
},
"source": {
"advisory": "cisco-sa-rv-overflow-WUnUgv4U",
"defect": [
[
"CSCvv65098",
"CSCvv69398",
"CSCvv71463",
"CSCvv71466",
"CSCvv71467",
"CSCvv71468",
"CSCvv79107",
"CSCvv79109",
"CSCvv79110",
"CSCvv96729",
"CSCvv96730",
"CSCvv96732",
"CSCvv96733",
"CSCvv96738",
"CSCvv96741",
"CSCvv96742",
"CSCvv96747",
"CSCvv96748",
"CSCvv96751",
"CSCvv96755",
"CSCvv96756",
"CSCvv96757",
"CSCvv96758",
"CSCvv96759",
"CSCvv96761",
"CSCvv96762",
"CSCvv96763",
"CSCvv96764",
"CSCvv96765",
"CSCvv96767",
"CSCvv96768",
"CSCvv96771",
"CSCvv96772",
"CSCvv96799",
"CSCvv96800",
"CSCvv96801",
"CSCvv96806",
"CSCvv96807",
"CSCvv96809",
"CSCvv96810",
"CSCvv96811",
"CSCvv96812",
"CSCvv96814",
"CSCvv96817",
"CSCvv96818",
"CSCvv96820",
"CSCvw04678",
"CSCvw04779",
"CSCvw04781",
"CSCvw06813",
"CSCvw06828",
"CSCvw06832",
"CSCvw06841",
"CSCvw06846",
"CSCvw06852",
"CSCvw06860",
"CSCvw06865",
"CSCvw06868",
"CSCvw06873",
"CSCvw06874",
"CSCvw06879",
"CSCvw06880",
"CSCvw06882",
"CSCvw06894",
"CSCvw06900",
"CSCvw06902",
"CSCvw06950",
"CSCvw06958",
"CSCvw06961",
"CSCvw06962",
"CSCvw06967",
"CSCvw06971",
"CSCvw06978",
"CSCvw06981",
"CSCvw06982",
"CSCvw06987",
"CSCvw06991",
"CSCvw06992",
"CSCvw06993",
"CSCvw06998",
"CSCvw07002",
"CSCvw10473",
"CSCvw10484",
"CSCvw10487",
"CSCvw49030",
"CSCvw49034",
"CSCvw49036",
"CSCvw76488",
"CSCvw91642"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1217",
"datePublished": "2021-01-13T21:16:44.225412Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-12T20:48:51.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3323
Vulnerability from cvelistv5
Published
2020-07-16 17:20
Modified
2024-11-15 16:55
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:19:35.748050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:55:41.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business RV Series Router Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-16T17:20:46",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp"
}
],
"source": {
"advisory": "cisco-sa-rv-rce-AQKREqp",
"defect": [
[
"CSCvr97864",
"CSCvr97884",
"CSCvr97889"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-07-15T16:00:00",
"ID": "CVE-2020-3323",
"STATE": "PUBLIC",
"TITLE": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp"
}
]
},
"source": {
"advisory": "cisco-sa-rv-rce-AQKREqp",
"defect": [
[
"CSCvr97864",
"CSCvr97884",
"CSCvr97889"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3323",
"datePublished": "2020-07-16T17:20:47.027185Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T16:55:41.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6397
Vulnerability from cvelistv5
Published
2016-08-08 00:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92273 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1036524 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92273"
},
{
"name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2"
},
{
"name": "1036524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036524"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "92273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92273"
},
{
"name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2"
},
{
"name": "1036524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036524"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92273"
},
{
"name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2"
},
{
"name": "1036524",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036524"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6397",
"datePublished": "2016-08-08T00:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1397
Vulnerability from cvelistv5
Published
2016-06-19 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1036115 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
},
{
"name": "1036115",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
},
{
"name": "1036115",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
},
{
"name": "1036115",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1397",
"datePublished": "2016-06-19T01:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1396
Vulnerability from cvelistv5
Published
2016-06-19 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1036114 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
},
{
"name": "1036114",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
},
{
"name": "1036114",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
},
{
"name": "1036114",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1396",
"datePublished": "2016-06-19T01:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6319
Vulnerability from cvelistv5
Published
2016-01-27 22:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034830 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034830",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034830"
},
{
"name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1034830",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034830"
},
{
"name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034830",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034830"
},
{
"name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6319",
"datePublished": "2016-01-27T22:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1395
Vulnerability from cvelistv5
Published
2016-06-19 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036113 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036113",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036113"
},
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1036113",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036113"
},
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036113",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036113"
},
{
"name": "20160615 Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1395",
"datePublished": "2016-06-19T01:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6396
Vulnerability from cvelistv5
Published
2016-08-08 00:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1 | vendor-advisory, x_refsource_CISCO | |
| https://www.exploit-db.com/exploits/45986/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/92269 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036528 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
},
{
"name": "45986",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45986/"
},
{
"name": "92269",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92269"
},
{
"name": "1036528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-15T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
},
{
"name": "45986",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45986/"
},
{
"name": "92269",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92269"
},
{
"name": "1036528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036528"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
},
{
"name": "45986",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45986/"
},
{
"name": "92269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92269"
},
{
"name": "1036528",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036528"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6396",
"datePublished": "2016-08-08T00:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}