All the vulnerabilites related to cisco - rv180w_wireless-n_multifunction_vpn_router
cve-2015-6319
Vulnerability from cvelistv5
Published
2016-01-27 22:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1034830 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:15:13.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034830", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034830" }, { "name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-27T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034830", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034830" }, { "name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6319", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034830", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034830" }, { "name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6319", "datePublished": "2016-01-27T22:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:15:13.307Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1429
Vulnerability from cvelistv5
Published
2016-08-08 00:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1 | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/92270 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1036527 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160803 Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1" }, { "name": "92270", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92270" }, { "name": "1036527", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036527" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-15T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160803 Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1" }, { "name": "92270", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92270" }, { "name": "1036527", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036527" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1429", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160803 Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1" }, { "name": "92270", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92270" }, { "name": "1036527", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036527" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1429", "datePublished": "2016-08-08T00:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-0404
Vulnerability from cvelistv5
Published
2018-10-05 16:00
Modified
2024-11-26 14:26
Severity ?
EPSS score ?
Summary
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.
References
▼ | URL | Tags |
---|---|---|
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco RV180W Wireless-N Multifunction VPN Router |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:21:15.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-0404", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T18:52:57.519907Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:26:27.024Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco RV180W Wireless-N Multifunction VPN Router", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-05T15:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179" } ], "source": { "advisory": "CSCvk27179", "defect": [ [ "CSCvk27179" ] ], "discovery": "UNKNOWN" }, "title": "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-10-03T16:00:00-0500", "ID": "CVE-2018-0404", "STATE": "PUBLIC", "TITLE": "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco RV180W Wireless-N Multifunction VPN Router", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes." } ] }, "impact": { "cvss": { "baseScore": "7.5", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179", "refsource": "CONFIRM", "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179" } ] }, "source": { "advisory": "CSCvk27179", "defect": [ [ "CSCvk27179" ] ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0404", "datePublished": "2018-10-05T16:00:00Z", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-11-26T14:26:27.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2016-01-27 22:59
Modified
2024-11-21 02:34
Severity ?
Summary
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv016_multi-wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "217831DB-FC07-443B-B969-2513ACE0C0AA", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "87905EBD-2C32-41C7-933E-168B1A5941F2", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "0008DDD6-A6A5-46A2-B9A0-1DC807E29E02", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv082_dual_wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F1D3C2-8CD6-416D-80C2-3ECBB941DA55", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "F95AABA7-ADCF-474B-A1AD-E55EFC09CF2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv120w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3562EAC-7DD9-4D7E-8A54-577FAEDFD42B", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv130_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A7C79FC-EC93-4832-85EC-E7D5672A7DF4", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "4993AC7B-5E6F-4DB5-90D8-3181148BC7B0", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv180_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C656EE6-510D-4530-947E-6C1DE46EBC68", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A68C4AD-0FB1-45FE-BD04-C3DC8A716F3F", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "175F8546-DBBB-4C34-9B9A-A39A6E70F2AF", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DD07AB5-E9DA-463F-B017-7A10FD8C2878", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "40BE4E08-761E-44B1-923C-8CAF3EA1B812", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "22E350F7-5E72-4749-BBFE-021A3B838105", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv325_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE38F76A-20EB-4A00-A84D-F5F262E7A1AD", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rv325_dual_wan_gigabit_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "57228295-609D-4939-9FEF-71EFE6FFEAB6", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rvl200_4-port_ssl_ipsec_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4558947-E413-4283-959A-B7C854BCECE6", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:rvs4000_4-port_gigabit_security_router_-_vpn:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D7930A-EC68-4518-BA88-529A3D4F0919", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:wrv200_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*", "matchCriteriaId": "D22C7E67-0F47-416F-80A5-D218C655D275", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:wrv210_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*", "matchCriteriaId": "7618CAE2-22D2-44B1-8FE8-F29101B62D57", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:wrvs4400n_wireless-n_gigabit_security_router_-_vpn_v2.0:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0954EAD-6830-499E-BCE7-4F0FE1DDFE24", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "82E9DB28-1575-415C-BE18-9ADFD6BA66D5", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "1AE98C62-84E0-435F-A376-984B1819B94C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "EBC77F08-1A4A-46AC-8359-5B20BAA9989B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "FE637ED7-943B-45A3-A0B3-EEAE02A96693", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "AA64F9F9-6843-4A74-8DC4-692B8A7E8394", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "95D5F5BE-8A32-415A-A686-5221C42EFD8B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "DCCDA0D3-AF8C-4EC2-8DC8-64322452C697", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "CF064F34-25A3-474E-BCA8-BC135FA4B834", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1DEC997B-96CF-43E6-98C8-D6E469CA471D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "9B6AD360-866C-4E63-BA54-EAF697560D07", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A0B5DF7C-99D2-4CF9-A0AD-8D6BE5780CA7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F60788C6-2130-4561-B1C8-72B138F2E9B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la interfaz de gesti\u00f3n basada en web en dispositivos Cisco RV220W permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de una cabecera manipulada en una petici\u00f3n HTTP, tambi\u00e9n conocida como Bug ID CSCuv29574." } ], "id": "CVE-2015-6319", "lastModified": "2024-11-21T02:34:46.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-27T22:59:00.100", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034830" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-10-05 16:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179 | Permissions Required, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | rv180w_wireless-n_multifunction_vpn_router | - | |
cisco | rv220w_wireless_network_security_firewall | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F284747-88FE-435D-80DF-E6C70BFEC1B5", "vulnerable": true }, { "criteria": "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5842FEB-322F-43E5-9349-583D236F12B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes." }, { "lang": "es", "value": "Una vulnerabilidad en el c\u00f3digo framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podr\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podr\u00eda recuperar informaci\u00f3n sensible que deber\u00eda estar restringida. Una vulnerabilidad en el c\u00f3digo framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podr\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podr\u00eda recuperar informaci\u00f3n sensible que deber\u00eda estar restringida. El producto ha entrado en su fase de fin de vida y no habr\u00e1 m\u00e1s parches de firmware." } ], "id": "CVE-2018-0404", "lastModified": "2024-11-21T03:38:09.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-10-05T16:29:00.300", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-08-08 00:59
Modified
2024-11-21 02:46
Severity ?
Summary
Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv180_vpn_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7067DDD-F1F5-40D2-B75B-8FEBBE786FC2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv180_vpn_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "B866D375-B705-45E3-A1ED-FD4E661DE9D1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv180w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F329CF8-67A3-4636-8536-DAD3BC6A089C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F284747-88FE-435D-80DF-E6C70BFEC1B5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en la interfaz web en dispositivos Cisco RV180 y RV180W permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuz43023." } ], "id": "CVE-2016-1429", "lastModified": "2024-11-21T02:46:25.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-08-08T00:59:02.373", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/92270" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1036527" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036527" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }