Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2014-2178

Published: 07/11/2014 Updated: 09/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Rv180 Firmware

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, prior to 1.0.5.9 on RV120W devices, and prior to 1.0.4.14 on RV180 and RV180W devices allows remote malicious users to hijack the authentication of administrators, aka Bug ID CSCuh87145.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco rv180_firmware

cisco rv180w -

cisco rv180 -

cisco rv220w_firmware

cisco rv220w -

cisco rv120w_firmware

cisco rv120w -

Vendor Advisories

Cisco: Multiple Vulnerabilities in Cisco Small Business RV Series Routers
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected by the following vulnerabilities: Cisco RV Series Routers Command Injection Vulnerability Cisco RV Series Routers HTTP Referer Header Vulnerability Cisco RV ...
Cisco: Cisco Small Business RV Series Routers HTTP Referer Header Vulnerability
A vulnerability in the administrative web interface of the Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack The vulnerability is due ...

References

CWE-352http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rvhttp://seclists.org/fulldisclosure/2014/Nov/6http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.htmlhttp://www.securitytracker.com/id/1031171https://exchange.xforce.ibmcloud.com/vulnerabilities/98498http://www.securityfocus.com/archive/1/533917/100/0/threadedhttps://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook