Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability

Summary

• A vulnerability in the command-line interface (CLI) command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. The commands are executed with full administrator privileges.
  
  The vulnerability is due to insufficient input validation of user-controlled input parameters entered at the CLI. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input parameters to certain commands. A successful exploit could allow an authenticated attacker to execute arbitrary shell commands or scripts on the affected device.
  
  Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
  
  This advisory is available at the following link:
  
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1

Affected Products

• Vulnerable Products

  The following Cisco products are affected by this vulnerability for all firmware versions until the first fixed version.
  

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

  The web-based management interface is available for these devices via a local LAN connection or the remote management feature. By default, the remote management feature is disabled for the affected devices.
  
  To determine whether the remote management feature is enabled for a device, open the web-based management interface for the device and then choose Basic Settings > Remote Management. If the Enable check box is checked, remote management is enabled for the device.

  Products Confirmed Not Vulnerable

  No other Cisco products are currently known to be affected by this vulnerability.

Workarounds

• There are no workarounds that address this vulnerability.

Fixed Software

• Cisco provides information about fixed software in Cisco bugs, which are accessible through the Cisco Bug Search Tool.
  
  When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
  
  In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
  
  Fixed Releases
  
  This vulnerability is fixed in the following firmware versions.
  

  • RV110W Wireless-N VPN Firewall, Release 1.2.1.7
  • RV130W Wireless-N Multifunction VPN Router, Release 1.0.3.16
  • RV215W Wireless-N VPN Router, Release 1.3.0.8

  The firmware updates can be downloaded from the Software Center on Cisco.com by navigating to Products > Routers > Small Business Routers > Small Business RV Series Routers.

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

• Cisco would like to thank external security researcher Adam Zielinski for discovering and reporting this vulnerability.

URL

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1

Revision History

• Version	Description	Section	Status	Date
  1.0	Initial public release.	?	Final	2016-August-03

  Show Less