Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
1000
VMScore

CVE-2019-1663

Published: 28/02/2019 Updated: 05/10/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Rv110w Firmware

Vulnerability Summary

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote malicious user to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the malicious user to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions before 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions before 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions before 1.3.1.1 are affected.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco rv110w_firmware

cisco rv130w_firmware

cisco rv215w_firmware

Vendor Advisories

Cisco: Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device The vulnerability is due to improper validation of user-supplied ...

Exploits

Exploit DB: Cisco RV130W 1.0.3.44 Remote Stack Overflow
Cisco RV130W version 10344 suffers from a remote stack overflow vulnerability ...
Exploit DB: Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## # linux/armle/meterpreter/bind_tcp -> segfault # linux/armle/meterpreter/reverse_tcp -> segfault # linux/armle/meterpreter_reverse_http -> works # linux/armle/meterpreter_reverse_https -> works # lin ...
Exploit DB: Cisco RV130W 1.0.3.44 - Remote Stack Overflow
#!/usr/bin/python # Exploit Title: Cisco RV130W Remote Stack Overflow # Google Dork: n/a # Date: Advisory Published: Feb 2019 # Exploit Author: @0x00string # Vendor Homepage: ciscocom # Software Link: wwwciscocom/c/en/us/products/routers/rv130w-wireless-n-multifunction-vpn-router/indexhtml # Version: 10344 and prior # Tested on: 10 ...
Exploit DB: Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## # linux/armle/meterpreter/bind_tcp -> segfault # linux/armle/meterpreter/reverse_tcp -> segfault # linux/armle/meterpreter_reverse_http -> works # linux/armle/meterpreter_reverse_https -> works # lin ...

Github Repositories

https://github.com/welove88888/Cisco-RV130W

Cisco-RV130W The vulnerability, CVE-2019-1663, has a CVSS score of 98 and impacts the Cisco RV215W Wireless-N VPN Router, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV110W Wireless-N VPN Firewall These small business routers are used for wireless connectivity in small offices and home offices Credits 0x00string

https://github.com/Oraxiage/CVE-2019-1663

Exploiting the pre-authentication code execution vulnerability found on RV130 cisco routers in 2019.

CVE-2019-1663 Exploiting the pre-authentication code execution vulnerability found on RV130 cisco routers in 2019

https://github.com/StealYourCode/CVE-2019-1663

Docs on the Vulnerability CVE-2019-1663 (Cisco Routers)

CVE-2019-1663 The purpose of this repository is to gather my research on the CVE-2019-1663 vulnerability, This vulnerability was discovered in version 10440 of Cisco's RV110, RV130 and RV225 routers

Recent Articles

Cisco cleans up critical flaws, Florida city forks out $600k to ransomware scumbags, and more from infosec land
The Register • Shaun Nichols in San Francisco • 24 Jun 2019

Your quick guide to what else has been happening in computer security lately

Roundup Here's a quick Monday summary of recent infosec news, beyond what we've already reported. Admins running Cisco gear will need to dedicate some time to updating their software an firmware following the release of 26 security patches from Switchzilla. Of the fixes, three are for critical flaws: CVE-2019-1663 is a remote code execution flaw in the RV110W, RV130W and RV215W routers. CVE-2019-1848 is an authentication bypass flaw in DNA Center, and CVE-2019-1625 covers a privilege escalation ...

Read more...

References

CWE-787https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-exhttp://www.securityfocus.com/bid/107185http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.htmlhttps://www.exploit-db.com/exploits/46705/http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rcehttp://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.htmlhttp://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.htmlhttps://github.com/Oraxiage/CVE-2019-1663https://www.exploit-db.com/exploits/47348https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook