A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote malicious user to execute arbitrary commands with root-level privileges. The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the malicious user to execute arbitrary commands with root-level privileges. Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco rv180_vpn_router_firmware |
||
cisco rv180w_vpn_router_firmware |