CVE-2019-1653

Published: 24/01/2019 Updated: 05/10/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 592
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote malicious user to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the malicious user to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.

Vulnerable Product

cisco rv320_firmware 1.4.2.17

cisco rv320_firmware 1.4.2.15

cisco rv325_firmware 1.4.2.17

cisco rv325_firmware 1.4.2.15

Vendor Advisories

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device ...

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::CmdStager def init ...
# Exploit Title: 6coRV Exploit # Date: 01-26-2018 # Exploit Author: Harom Ramos [Horus] # Tested on: Cisco RV300/RV320 # CVE : CVE-2019-1653 import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning from fake_useragent import UserAgent def random_headers(): return dict({'user-agent': UserAgent().random}) def req ...
RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Affected versions include 1.4.2.15 and 1.4.2.17 ...
RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device's web interface due to an inadequate fix by the vendor ...
RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Versions affected include 1.4.2.15 and 1.4.2.17 ...
Cisco RV300 and RV320 suffer from an information disclosure vulnerability ...
RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor ...
This Metasploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router. Either via HTTPS on port 443 or HTTP on port 8007 on some older ...
This exploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router. Either via HTTPS on port 443 or HTT ...

Mailing Lists

Full Disclosure mailing list archives: [RT-SA-2018-003] Cisco RV320 Unauthenticated Diagnostic Data Retrieval ...
Full Disclosure mailing list archives: [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval ...

Metasploit Modules

Cisco RV320 and RV325 Unauthenticated Remote Code Execution

This exploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. It can be exploited via the WAN interface of the router, either via HTTPS on port 443 or via HTTP on port 8007 on some older firmware versions.

msf > use exploit/linux/http/cisco_rv32x_rce
msf exploit(cisco_rv32x_rce) > show targets
    ...targets...
msf exploit(cisco_rv32x_rce) > set TARGET < target-id >
msf exploit(cisco_rv32x_rce) > show options
    ...show and set options...
msf exploit(cisco_rv32x_rce) > exploit

Github Repositories

CVE-2019-1652/CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!

CiscoRV320Dump: CVE-2019-1653/CVE-2019-1652 Exploits For Dumping Cisco RV320 Configurations and getting RCE. Implementations of the CVE-2019-1652 and CVE-2019-1653 exploits disclosed by Red Team Pentesting GmbH. I only tested these on an RV320, but according to the Cisco advisory, the RV325 is also vulnerable. The following Shodan queries appear to find them, if you are curious a

Just a PoC tool to extract password using CVE-2019-1653.

CiscoSpill: Just a PoC tool to extract password using CVE-2019-1653. CVE-2019-1653: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit thi

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

CiscoExploit: Cisco Scan (IP/Port/HostName/Boot/Version) www.cnblogs.com/k8gege/p/10679491.html; CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution srcincite.io/blog/2019/05/17/panic-at-the-cisco-unauthenticated-rce-in-prime-infrastructure.html; Cisco SNMP RCE github.com/artkond/cisco-snmp-rce; CVE-2019-1652/CVE-2019-1653 Exploits For Dumping C

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information.

CVE-2019-1653: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. This simple Python script is an automated exploit for CVE-2019-1653, which infects Cisco Small Business RV320 and RV325 devices. The first vulnerability

A collection of nmap scripts for different CVEs

Nmap Scripts: A collection of nmap scripts for different CVEs. Scripts Available: CVE-2019-1653 (Sensitive information access in web interface for Cisco RV320 and RV325 routers); CVE-2021-20038 (Stack based buffer overflow in SonicWall SMA100 httpd server)

NSE script to scan for Cisco routers vulnerable to CVE-2019-1653

CVE-2019-1653: NSE script to scan for Cisco routers vulnerable to CVE-2019-1653. Usage: nmap --script cve_2019_1653 -p 443 <host>

Recent Articles

Miscreants sweep internet for unpatched Cisco kit, fears over bugged Chinese parts, Roger Stone nabbed...
The Register • Shaun Nichols in San Francisco • 26 Jan 2019

...PHP's PEAR sabotaged for months, and more from the world of infosec

Roundup This week we saw Hadoop hacks, Exchange exploits, and Deadpool besting scammers. Here's some more computer security news to round off your week... Earlier this week, Cisco cleaned up a series of security flaws in its routers. Now, admins are being urged to apply those fixes as soon as possible now that exploits for two flaws in particular are public. A security dev going by the name of David Davidson has provided proof-of-concept code that leverages a data-disclosure vulnerability (CVE-2...

SD-WAN admin? Your number came up in Cisco's latest bug list
The Register • Richard Chirgwin • 24 Jan 2019

Webex, security, IoT systems also need patches

Cisco's irregular patch cycle has come round again and this time the focus is on the company's SD-WAN product. As well as high-rated bugs in Webex, small business routers and various security products, Switchzilla has disclosed one critical bug in its SD-WAN, and another four vulnerabilities rated high. That critical rating was assigned to CVE-2019-1651, a bug in the SD-WAN's virtual container, vContainer, the VM which hosts the SD-WAN controllers. If an attacker sends a malicious file to the vC...