CVE-2019-1652

Published: 24/01/2019 Updated: 05/10/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 991
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the malicious user to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.

Vulnerable Product

cisco rv320_firmware 1.4.2.15

cisco rv325_firmware 1.4.2.15

Vendor Advisories

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit ...

Exploits

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details: Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others. Affected Versions: 1.4.2.15 and later. Fixed Versions: since 1.4.2.20. Vulnerability Type: Remote Code Execution. Security Risk: m ...

    ##
    # This module requires Metasploit: metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##
    class MetasploitModule < Msf::Exploit::Remote
      Rank = NormalRanking
      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::Remote::HttpServer::HTML
      include Msf::Exploit::CmdStager
      def init ...

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Versions 1.4.2.15 through 1.4.2.19 are affected. Fixed in version 1.4.2.20 ...
RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor ...
This Metasploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router, either via HTTPS on port 443 or HTTP on port 8007 on some older ...
This exploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router, either via HTTPS on port 443 or HTT ...

Mailing Lists

Full Disclosure mailing list archives: [RT-SA-2018-004] Cisco RV320 Command Injection. From: RedTeam Pe ...
Full Disclosure mailing list archives: [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval. From: ...

Metasploit Modules

Cisco RV320 and RV325 Unauthenticated Remote Code Execution

This exploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. It can be exploited via the WAN interface of the router, either via HTTPS on port 443 or via HTTP on port 8007 on some older firmware versions.

msf > use exploit/linux/http/cisco_rv32x_rce
msf exploit(cisco_rv32x_rce) > show targets
    ...targets...
msf exploit(cisco_rv32x_rce) > set TARGET <target-id>
msf exploit(cisco_rv32x_rce) > show options
    ...show and set options...
msf exploit(cisco_rv32x_rce) > exploit

Github Repositories

CVE-2019-1652/CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!

CiscoRV320Dump: CVE-2019-1653/CVE-2019-1652 Exploits For Dumping Cisco RV320 Configurations and getting RCE. Implementations of the CVE-2019-1652 and CVE-2019-1653 exploits disclosed by Red Team Pentesting GmbH. I only tested these on an RV320, but according to the Cisco advisory, the RV325 is also vulnerable. The following Shodan queries appear to find them, if you are curious a

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

CiscoExploit: Cisco Scan (IP/Port/HostName/Boot/Version) www.cnblogs.com/k8gege/p/10679491.html; CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution srcincite.io/blog/2019/05/17/panic-at-the-cisco-unauthenticated-rce-in-prime-infrastructure.html; Cisco SNMP RCE github.com/artkond/cisco-snmp-rce; CVE-2019-1652/CVE-2019-1653 Exploits For Dumping C

Recent Articles

Miscreants sweep internet for unpatched Cisco kit, fears over bugged Chinese parts, Roger Stone nabbed...
The Register • Shaun Nichols in San Francisco • 26 Jan 2019

...PHP's PEAR sabotaged for months, and more from the world of infosec

Roundup This week we saw Hadoop hacks, Exchange exploits, and Deadpool besting scammers. Here's some more computer security news to round off your week... Earlier this week, Cisco cleaned up a series of security flaws in its routers. Now, admins are being urged to apply those fixes as soon as possible now that exploits for two flaws in particular are public. A security dev going by the name of David Davidson has provided proof-of-concept code that leverages a data-disclosure vulnerability (CVE-2...

SD-WAN admin? Your number came up in Cisco's latest bug list
The Register • Richard Chirgwin • 24 Jan 2019

Webex, security, IoT systems also need patches

Cisco's irregular patch cycle has come round again and this time the focus is on the company's SD-WAN product. As well as high-rated bugs in Webex, small business routers and various security products, Switchzilla has disclosed one critical bug in its SD-WAN, and another four vulnerabilities rated high. That critical rating was assigned to CVE-2019-1651, a bug in the SD-WAN's virtual container, vContainer, the VM which hosts the SD-WAN controllers. If an attacker sends a malicious file to the vC...