A vulnerability in the command-line interface (CLI) command parser of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, local malicious user to inject arbitrary shell commands that are executed by the device. The commands are executed with full administrator privileges. The vulnerability is due to insufficient input validation of user-controlled input parameters entered at the CLI. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input parameters to certain commands. A successful exploit could allow an authenticated malicious user to execute arbitrary shell commands or scripts on the affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco rv110w_wireless-n_vpn_firewall_firmware |
||
cisco rv130w_wireless-n_multifunction_vpn_router_firmware |
||
cisco rv215w_wireless-n_vpn_router_firmware |