A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote malicious user to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the malicious user to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions before 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions before 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions before 1.3.1.1 are affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco rv110w_firmware |
||
cisco rv130w_firmware |
||
cisco rv215w_firmware |
Your quick guide to what else has been happening in computer security lately
Roundup Here's a quick Monday summary of recent infosec news, beyond what we've already reported. Admins running Cisco gear will need to dedicate some time to updating their software an firmware following the release of 26 security patches from Switchzilla. Of the fixes, three are for critical flaws: CVE-2019-1663 is a remote code execution flaw in the RV110W, RV130W and RV215W routers. CVE-2019-1848 is an authentication bypass flaw in DNA Center, and CVE-2019-1625 covers a privilege escalation ...