A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote malicious user to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the malicious user to cause the device to stop responding, resulting in a denial of service condition, or could allow the malicious user to execute arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco rv110w_firmware |
||
cisco rv130w_firmware |
||
cisco rv215w_firmware |
Replace those end-of-life VPN devices, they won't be patched
Cisco has taken delivery of a bulk order for 29 Common Vulnerabilities and Exposures (CVEs) IDs. If you're running the end-of-life RV110 Wireless-N VPN firewall or RV215W Wireless-N VPN router, bad news: some of their security vulnerabilities won't be patched and there's no workaround – so it is probably time to replace them. Those are listed in one of two new critical-rated CVEs, the other of which Cisco fixed without your help. Users don't need to take any action about the now-patched authen...