
Multiple Vulnerabilities in Cisco Small Business Routers

 

Systems Affected


Cisco Small Business Routers: RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router

Threat Level


High


Overview


Multiple vulnerabilities have been identified in the web-based management interface of the Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. They allow an unauthenticated, remote attacker to execute arbitrary code and commands with root privileges.


Description


These vulnerabilities exist due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit them by sending maliciously crafted HTTPS requests to a targeted system.

Successful exploitation could allow an attacker to execute arbitrary code as the root user on the underlying operating system, or cause the device to reload, resulting in a denial of service (DoS) condition.


Impact


  ✻  Exposing sensitive information to unauthorized parties
  ✻  Unauthorized access to the router
  ✻  Denial of Service


Solution/Workarounds


  ✻  Apply the appropriate security patch mentioned below:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U


References


  ✻  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN
  ✻  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U
  ✻  https://www.cisco.com


Disclaimer


The information provided herein is on an "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.