cvelistv5 - cve-2014-2177

CVE-2014-2177 (GCVE-0-2014-2177)

Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://packetstormsecurity.com/files/128992/Cisco…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://seclists.org/fulldisclosure/2014/Nov/6	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/533917/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id/1031171	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:05:59.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
          },
          {
            "name": "cisco-cve20142177-command-exec(98497)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
          },
          {
            "name": "20141106 Cisco RV Series multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
          },
          {
            "name": "20141106 Cisco RV Series multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
          },
          {
            "name": "1031171",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
        },
        {
          "name": "cisco-cve20142177-command-exec(98497)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
        },
        {
          "name": "20141106 Cisco RV Series multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
        },
        {
          "name": "20141106 Cisco RV Series multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
        },
        {
          "name": "1031171",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "cisco-cve20142177-command-exec(98497)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            },
            {
              "name": "1031171",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-2177",
    "datePublished": "2014-11-07T11:00:00",
    "dateReserved": "2014-02-25T00:00:00",
    "dateUpdated": "2024-08-06T10:05:59.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.5.8\", \"matchCriteriaId\": \"CAE232F2-B674-40E7-A96D-A1AC07CB84B7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40465CA8-BE8B-4F15-8578-D8972C241D84\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.5.8\", \"matchCriteriaId\": \"6D5EB99F-8672-4939-95E8-AEE242A4EB6E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8620DFD9-E280-464E-91FF-2E901EDD49C0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.3.10\", \"matchCriteriaId\": \"66B8EC15-EC05-49DD-9334-AEE5C396FEC1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8BD67F3-98CE-4B03-8980-6791B753FDC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.\"}, {\"lang\": \"es\", \"value\": \"La interfaz de administraci\\u00f3n de la diagnostica de la red en el firmware del router Cisco RV en los dispositivos RV220W, anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\\u00e9s de una solicitud HTTP manipulada, tambi\\u00e9n conocido como Bug ID CSCuh87126.\"}]",
      "id": "CVE-2014-2177",
      "lastModified": "2024-11-21T02:05:47.910",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-11-07T11:55:02.407",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Nov/6\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/533917/100/0/threaded\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1031171\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/98497\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Nov/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/533917/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1031171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/98497\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2177\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-11-07T11:55:02.407\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.\"},{\"lang\":\"es\",\"value\":\"La interfaz de administraci\u00f3n de la diagnostica de la red en el firmware del router Cisco RV en los dispositivos RV220W, anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de una solicitud HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuh87126.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.5.8\",\"matchCriteriaId\":\"CAE232F2-B674-40E7-A96D-A1AC07CB84B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40465CA8-BE8B-4F15-8578-D8972C241D84\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.5.8\",\"matchCriteriaId\":\"6D5EB99F-8672-4939-95E8-AEE242A4EB6E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8620DFD9-E280-464E-91FF-2E901EDD49C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.3.10\",\"matchCriteriaId\":\"66B8EC15-EC05-49DD-9334-AEE5C396FEC1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8BD67F3-98CE-4B03-8980-6791B753FDC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Nov/6\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/533917/100/0/threaded\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1031171\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/98497\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Nov/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/533917/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/98497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201411-0400

Vulnerability from variot - Updated: 2023-12-18 12:21

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. The Cisco RV router firmware is the Cisco RV 180 Series VPN Router firmware. An attacker could exploit this vulnerability to execute arbitrary code. Multiple Cisco RV Series Routers are prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug ID CSCuh87126. Cisco RV120W Wireless-N VPN Firewall, etc. are all products of Cisco (Cisco).

Details

https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html

References

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177 [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178 [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179 [4] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0400",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rv220w wireless network security firewall",
        "scope": null,
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv120w",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "cisco",
        "version": "1.0.5.8"
      },
      {
        "model": "rv180",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.3.10"
      },
      {
        "model": "rv220w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.5.8"
      },
      {
        "model": "rv120w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv220w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv120w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.5.8"
      },
      {
        "model": "rv120w wireless-n vpn firewall",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv120w wireless-n vpn firewall",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.0.5.9"
      },
      {
        "model": "rv180 vpn router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180 vpn router",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.0.4.14"
      },
      {
        "model": "rv180w wireless-n multifunction vpn router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "\u003c=1.0.3.10"
      },
      {
        "model": "rv220w",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "\u003c=1.0.5.8"
      },
      {
        "model": "rv220w",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1.0.5.8"
      },
      {
        "model": "rv180",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1.0.3.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.3.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2177"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yorick Koster of Securify.",
    "sources": [
      {
        "db": "BID",
        "id": "70921"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2177",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-2177",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2014-08188",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-70116",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2177",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-08188",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201411-099",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70116",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. The Cisco RV router firmware is the Cisco RV 180 Series VPN Router firmware. An attacker could exploit this vulnerability to execute arbitrary code. Multiple Cisco RV Series Routers are prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. \nThis issue is being tracked by Cisco Bug ID CSCuh87126. Cisco RV120W Wireless-N VPN Firewall, etc. are all products of Cisco (Cisco). \n\n------------------------------------------------------------------------\nDetails\n------------------------------------------------------------------------\nhttps://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html\n\n------------------------------------------------------------------------\nReferences\n------------------------------------------------------------------------\n[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177\n[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178\n[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179\n[4]\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv \n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "db": "BID",
        "id": "70921"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70116"
      },
      {
        "db": "PACKETSTORM",
        "id": "128992"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2177",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "128992",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1031171",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "70921",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-70116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70116"
      },
      {
        "db": "BID",
        "id": "70921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "db": "PACKETSTORM",
        "id": "128992"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ]
  },
  "id": "VAR-201411-0400",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70116"
      }
    ],
    "trust": 1.32253884
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:21:07.771000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20141105-rv",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141105-rv"
      },
      {
        "title": "36240",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36240"
      },
      {
        "title": "Cisco RV router firmware patch for arbitrary code execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/51777"
      },
      {
        "title": "RV120W-Firmware-1.0.5.9",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54615"
      },
      {
        "title": "RV180W-Firmware-1.0.4.14",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54617"
      },
      {
        "title": "RV180-Firmware-1.0.4.14",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54616"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2177"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141105-rv"
      },
      {
        "trust": 1.5,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2177"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/nov/6"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/128992/cisco-rv-overwrite-csrf-command-execution.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031171"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2177"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/70921/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2177"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2179"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2179"
      },
      {
        "trust": 0.1,
        "url": "https://www.securify.nl/advisory/sfy20130601/cisco_rv_series_multiple_vulnerabilities.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2178"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2178"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70116"
      },
      {
        "db": "BID",
        "id": "70921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "db": "PACKETSTORM",
        "id": "128992"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70116"
      },
      {
        "db": "BID",
        "id": "70921"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "db": "PACKETSTORM",
        "id": "128992"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "date": "2014-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70116"
      },
      {
        "date": "2014-11-05T00:00:00",
        "db": "BID",
        "id": "70921"
      },
      {
        "date": "2014-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "date": "2014-11-06T12:02:22",
        "db": "PACKETSTORM",
        "id": "128992"
      },
      {
        "date": "2014-11-07T11:55:02.407000",
        "db": "NVD",
        "id": "CVE-2014-2177"
      },
      {
        "date": "2014-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-08188"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70116"
      },
      {
        "date": "2014-11-24T00:58:00",
        "db": "BID",
        "id": "70921"
      },
      {
        "date": "2014-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      },
      {
        "date": "2018-10-09T19:43:09.423000",
        "db": "NVD",
        "id": "CVE-2014-2177"
      },
      {
        "date": "2014-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco RV Router Firmware  network-diagnostics An arbitrary command execution vulnerability in the management interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005294"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-099"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2014-AVI-461

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco Small Business RV Series Routers. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une élévation de privilèges.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Small Business	Cisco RV180 VPN Router avec un firmware antérieur au 1.0.4.14
Cisco	Small Business	Cisco RV120W Wireless-N VPN Firewall avec un firmware antérieur au 1.0.5.9
Cisco	Small Business	Cisco RV220W Wireless Network Security Firewall
Cisco	Small Business	Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware antérieur au 1.0.4.14

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco du 05 novembre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco RV180 VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV120W Wireless-N VPN Firewall avec un firmware ant\u00e9rieur au 1.0.5.9",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV220W Wireless Network Security Firewall",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2178"
    },
    {
      "name": "CVE-2014-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2177"
    },
    {
      "name": "CVE-2014-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2179"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-461",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco Small Business RV Series\nRouters\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Small Business RV Series Routers",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 05 novembre 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    }
  ]
}

CERTFR-2014-AVI-461

Vulnerability from certfr_avis - Published: - Updated:

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Small Business	Cisco RV180 VPN Router avec un firmware antérieur au 1.0.4.14
Cisco	Small Business	Cisco RV120W Wireless-N VPN Firewall avec un firmware antérieur au 1.0.5.9
Cisco	Small Business	Cisco RV220W Wireless Network Security Firewall
Cisco	Small Business	Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware antérieur au 1.0.4.14

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco du 05 novembre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco RV180 VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV120W Wireless-N VPN Firewall avec un firmware ant\u00e9rieur au 1.0.5.9",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV220W Wireless Network Security Firewall",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2178"
    },
    {
      "name": "CVE-2014-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2177"
    },
    {
      "name": "CVE-2014-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2179"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-461",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco Small Business RV Series\nRouters\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Small Business RV Series Routers",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 05 novembre 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    }
  ]
}

GHSA-9R5C-96R6-629R

Vulnerability from github – Published: 2022-05-14 02:53 – Updated: 2022-05-14 02:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-11-07T11:55:00Z",
    "severity": "HIGH"
  },
  "details": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.",
  "id": "GHSA-9r5c-96r6-629r",
  "modified": "2022-05-14T02:53:29Z",
  "published": "2022-05-14T02:53:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2177"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2014-2177

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-2177

Aliases

CVE-2014-2177

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-2177",
    "description": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.",
    "id": "GSD-2014-2177"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-2177"
      ],
      "details": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.",
      "id": "GSD-2014-2177",
      "modified": "2023-12-13T01:22:46.132105Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-2177",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
          },
          {
            "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
          },
          {
            "name": "cisco-cve20142177-command-exec(98497)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
          },
          {
            "name": "20141106 Cisco RV Series multiple vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
          },
          {
            "name": "20141106 Cisco RV Series multiple vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
          },
          {
            "name": "1031171",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031171"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.3.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2177"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "1031171",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031171"
            },
            {
              "name": "cisco-cve20142177-command-exec(98497)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:43Z",
      "publishedDate": "2014-11-07T11:55Z"
    }
  }
}

FKIE_CVE-2014-2177

Vulnerability from fkie_nvd - Published: 2014-11-07 11:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
psirt@cisco.com	http://seclists.org/fulldisclosure/2014/Nov/6
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv	Patch, Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/archive/1/533917/100/0/threaded
psirt@cisco.com	http://www.securitytracker.com/id/1031171
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/98497
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Nov/6
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/533917/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031171
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/98497

Impacted products

Vendor	Product	Version
cisco	rv120w_firmware	*
cisco	rv120w	-
cisco	rv220w_firmware	*
cisco	rv220w	-
cisco	rv180_firmware	*
cisco	rv180	-
cisco	rv180w	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAE232F2-B674-40E7-A96D-A1AC07CB84B7",
              "versionEndIncluding": "1.0.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40465CA8-BE8B-4F15-8578-D8972C241D84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5EB99F-8672-4939-95E8-AEE242A4EB6E",
              "versionEndIncluding": "1.0.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8620DFD9-E280-464E-91FF-2E901EDD49C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B8EC15-EC05-49DD-9334-AEE5C396FEC1",
              "versionEndIncluding": "1.0.3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BD67F3-98CE-4B03-8980-6791B753FDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
    },
    {
      "lang": "es",
      "value": "La interfaz de administraci\u00f3n de la diagnostica de la red en el firmware del router Cisco RV en los dispositivos RV220W, anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de una solicitud HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuh87126."
    }
  ],
  "id": "CVE-2014-2177",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-07T11:55:02.407",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1031171"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-2177 (GCVE-0-2014-2177)

VAR-201411-0400

Details

References

CERTFR-2014-AVI-461

Contournement provisoire

CERTFR-2014-AVI-461

Contournement provisoire

GHSA-9R5C-96R6-629R

GSD-2014-2177

FKIE_CVE-2014-2177

Tags

Sightings

Nomenclature