cvelistv5 - cve-2018-0404

CVE-2018-0404 (GCVE-0-2018-0404)

Vulnerability from cvelistv5 – Published: 2018-10-05 16:00 – Updated: 2024-11-26 14:26

Title

Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability

Summary

Severity ?

No CVSS data available.

CWE

CWE-89

Assigner

cisco

References

URL

Tags

https://bst.cloudapps.cisco.com/bugsearch/bug/CSC…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Cisco	Cisco RV180W Wireless-N Multifunction VPN Router	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0404",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:52:57.519907Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:26:27.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco RV180W Wireless-N Multifunction VPN Router",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-05T15:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179"
        }
      ],
      "source": {
        "advisory": "CSCvk27179",
        "defect": [
          [
            "CSCvk27179"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
          "ID": "CVE-2018-0404",
          "STATE": "PUBLIC",
          "TITLE": "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco RV180W Wireless-N Multifunction VPN Router",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
              "refsource": "CONFIRM",
              "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179"
            }
          ]
        },
        "source": {
          "advisory": "CSCvk27179",
          "defect": [
            [
              "CSCvk27179"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0404",
    "datePublished": "2018-10-05T16:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:26:27.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F284747-88FE-435D-80DF-E6C70BFEC1B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5842FEB-322F-43E5-9349-583D236F12B9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el c\\u00f3digo framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podr\\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podr\\u00eda recuperar informaci\\u00f3n sensible que deber\\u00eda estar restringida. Una vulnerabilidad en el c\\u00f3digo framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podr\\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podr\\u00eda recuperar informaci\\u00f3n sensible que deber\\u00eda estar restringida. El producto ha entrado en su fase de fin de vida y no habr\\u00e1 m\\u00e1s parches de firmware.\"}]",
      "id": "CVE-2018-0404",
      "lastModified": "2024-11-21T03:38:09.447",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-05T16:29:00.300",
      "references": "[{\"url\": \"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0404\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2018-10-05T16:29:00.300\",\"lastModified\":\"2024-11-21T03:38:09.447\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el c\u00f3digo framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podr\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podr\u00eda recuperar informaci\u00f3n sensible que deber\u00eda estar restringida. Una vulnerabilidad en el c\u00f3digo framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podr\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podr\u00eda recuperar informaci\u00f3n sensible que deber\u00eda estar restringida. El producto ha entrado en su fase de fin de vida y no habr\u00e1 m\u00e1s parches de firmware.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F284747-88FE-435D-80DF-E6C70BFEC1B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5842FEB-322F-43E5-9349-583D236F12B9\"}]}]}],\"references\":[{\"url\":\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:21:15.517Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-0404\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-25T18:52:57.519907Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-25T18:54:13.353Z\"}}], \"cna\": {\"title\": \"Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability\", \"source\": {\"defect\": [[\"CSCvk27179\"]], \"advisory\": \"CSCvk27179\", \"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco RV180W Wireless-N Multifunction VPN Router\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-10-03T00:00:00\", \"references\": [{\"url\": \"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2018-10-05T15:57:01\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.5\"}}, \"source\": {\"defect\": [[\"CSCvk27179\"]], \"advisory\": \"CSCvk27179\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco RV180W Wireless-N Multifunction VPN Router\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179\", \"name\": \"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-89\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-0404\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2018-10-03T16:00:00-0500\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-0404\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T14:26:27.024Z\", \"dateReserved\": \"2017-11-27T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2018-10-05T16:00:00Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2018-0404

Vulnerability from fkie_nvd - Published: 2018-10-05 16:29 - Updated: 2024-11-21 03:38

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@cisco.com	https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179	Permissions Required, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179	Permissions Required, Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	rv180w_wireless-n_multifunction_vpn_router	-
	cisco	rv220w_wireless_network_security_firewall	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F284747-88FE-435D-80DF-E6C70BFEC1B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5842FEB-322F-43E5-9349-583D236F12B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el c\u00f3digo framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podr\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podr\u00eda recuperar informaci\u00f3n sensible que deber\u00eda estar restringida. Una vulnerabilidad en el c\u00f3digo framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podr\u00eda permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podr\u00eda recuperar informaci\u00f3n sensible que deber\u00eda estar restringida. El producto ha entrado en su fase de fin de vida y no habr\u00e1 m\u00e1s parches de firmware."
    }
  ],
  "id": "CVE-2018-0404",
  "lastModified": "2024-11-21T03:38:09.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-05T16:29:00.300",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-01907

Vulnerability from cnvd - Published: 2019-01-17

Title

Cisco RV180W Wireless-N Multifunction VPN Router和Small Business RV Series RV220W Wireless Network Security Firewall信息泄露安全漏洞

Description

Cisco RV180W Wireless-N Multifunction VPN Router和Small Business RV Series RV220W Wireless Network Security Firewall都是美国思科（Cisco）公司的产品。Cisco RV180W Wireless-N Multifunction VPN Router是一款路由器产品。Small Business RV Series RV220W Wireless Network Security Firewall是一款无线网络防火墙产品。 Cisco RV180W Wireless-N Multifunction VPN Router和Small Business RV Series RV220W Wireless Network Security Firewall中的Web框架组件存在安全漏洞。远程攻击者可利用该漏洞检索敏感信息。

Severity

中

Patch Name

Cisco RV180W Wireless-N Multifunction VPN Router和Small Business RV Series RV220W Wireless Network Security Firewall信息泄露安全漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179

Reference

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179

Impacted products

Name
['Cisco RV180W Wireless-N Multifunction VPN Router', 'Cisco Small Business RV Series RV220W Wireless Network Security Firewall']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0404"
    }
  },
  "description": "Cisco RV180W Wireless-N Multifunction VPN Router\u548cSmall Business RV Series RV220W Wireless Network Security Firewall\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco RV180W Wireless-N Multifunction VPN Router\u662f\u4e00\u6b3e\u8def\u7531\u5668\u4ea7\u54c1\u3002Small Business RV Series RV220W Wireless Network Security Firewall\u662f\u4e00\u6b3e\u65e0\u7ebf\u7f51\u7edc\u9632\u706b\u5899\u4ea7\u54c1\u3002\n\nCisco RV180W Wireless-N Multifunction VPN Router\u548cSmall Business RV Series RV220W Wireless Network Security Firewall\u4e2d\u7684Web\u6846\u67b6\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-01907",
  "openTime": "2019-01-17",
  "patchDescription": "Cisco RV180W Wireless-N Multifunction VPN Router\u548cSmall Business RV Series RV220W Wireless Network Security Firewall\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco RV180W Wireless-N Multifunction VPN Router\u662f\u4e00\u6b3e\u8def\u7531\u5668\u4ea7\u54c1\u3002Small Business RV Series RV220W Wireless Network Security Firewall\u662f\u4e00\u6b3e\u65e0\u7ebf\u7f51\u7edc\u9632\u706b\u5899\u4ea7\u54c1\u3002\r\n\r\nCisco RV180W Wireless-N Multifunction VPN Router\u548cSmall Business RV Series RV220W Wireless Network Security Firewall\u4e2d\u7684Web\u6846\u67b6\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco RV180W Wireless-N Multifunction VPN Router\u548cSmall Business RV Series RV220W Wireless Network Security Firewall\u4fe1\u606f\u6cc4\u9732\u5b89\u5168\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco RV180W Wireless-N Multifunction VPN Router",
      "Cisco Small Business RV Series RV220W Wireless Network Security Firewall"
    ]
  },
  "referenceLink": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-10",
  "title": "Cisco RV180W Wireless-N Multifunction VPN Router\u548cSmall Business RV Series RV220W Wireless Network Security Firewall\u4fe1\u606f\u6cc4\u9732\u5b89\u5168\u6f0f\u6d1e"
}

GSD-2018-0404

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0404

Aliases

CVE-2018-0404

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0404",
    "description": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.",
    "id": "GSD-2018-0404"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0404"
      ],
      "details": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.",
      "id": "GSD-2018-0404",
      "modified": "2023-12-13T01:22:24.885974Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
        "ID": "CVE-2018-0404",
        "STATE": "PUBLIC",
        "TITLE": "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco RV180W Wireless-N Multifunction VPN Router",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "7.5",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-89"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
            "refsource": "CONFIRM",
            "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179"
          }
        ]
      },
      "source": {
        "advisory": "CSCvk27179",
        "defect": [
          [
            "CSCvk27179"
          ]
        ],
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0404"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:31Z",
      "publishedDate": "2018-10-05T16:29Z"
    }
  }
}

VAR-201810-0355

Vulnerability from variot - Updated: 2023-12-18 13:08

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes. The Cisco RV180WWireless-NMultifunctionVPNRouter and the SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall are products of Cisco. The Cisco RV180WWireless-NMultifunctionVPNRouter is a router product. SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall is a wireless network firewall product. A security vulnerability exists in the Web framework components in the CiscoRV180WWireless-NMultifunctionVPNRouter and SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0355",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rv180w wireless-n multifunction vpn router",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv220w wireless network security firewall",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180w wireless-n multifunction vpn router",
        "scope": null,
        "trust": 1.4,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv220w wireless network security firewall",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business rv series rv220w wireless network security firewall",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0404"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0404"
      }
    ]
  },
  "cve": "CVE-2018-0404",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-0404",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-01907",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-118606",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-0404",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0404",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-01907",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-223",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118606",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0404"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes. The Cisco RV180WWireless-NMultifunctionVPNRouter and the SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall are products of Cisco. The Cisco RV180WWireless-NMultifunctionVPNRouter is a router product. SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall is a wireless network firewall product. A security vulnerability exists in the Web framework components in the CiscoRV180WWireless-NMultifunctionVPNRouter and SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118606"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0404",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118606",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0404"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ]
  },
  "id": "VAR-201810-0355",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118606"
      }
    ],
    "trust": 1.49411765
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:08:17.059000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco RV180W Wireless-N Multifunction VPN Router",
        "trust": 0.8,
        "url": "https://www.cisco.com/c/en/us/products/routers/rv180w-wireless-n-multifunction-vpn-router/index.html"
      },
      {
        "title": "Cisco RV220W Wireless Network Security Firewall",
        "trust": 0.8,
        "url": "https://www.cisco.com/c/en/us/products/routers/rv220w-wireless-network-security-firewall/index.html"
      },
      {
        "title": "Patch for CiscoRV180WWireless-NMultifunctionVPNRouter and SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall Information Disclosure Security Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/150587"
      },
      {
        "title": "Cisco RV180W Wireless-N Multifunction VPN Router  and Small Business RV Series RV220W Wireless Network Security Firewall Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85437"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0404"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/cscvk27179"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0404"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0404"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0404"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0404"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "date": "2018-10-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118606"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "date": "2018-10-05T16:29:00.300000",
        "db": "NVD",
        "id": "CVE-2018-0404"
      },
      {
        "date": "2018-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-01907"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118606"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      },
      {
        "date": "2019-10-09T23:31:59.257000",
        "db": "NVD",
        "id": "CVE-2018-0404"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco RV180W Wireless-N Multifunction VPN Router and  Small Business RV Series RV220W Wireless Network Security Firewall In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011261"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-223"
      }
    ],
    "trust": 0.6
  }
}

GHSA-37VH-XJGP-VXMW

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0404"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-05T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.",
  "id": "GHSA-37vh-xjgp-vxmw",
  "modified": "2022-05-13T01:35:14Z",
  "published": "2022-05-13T01:35:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0404"
    },
    {
      "type": "WEB",
      "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0404 (GCVE-0-2018-0404)

FKIE_CVE-2018-0404

CNVD-2019-01907

GSD-2018-0404

VAR-201810-0355

GHSA-37VH-XJGP-VXMW

Tags

Sightings

Nomenclature