Cisco Small Business Routers, RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, RV215W Wireless-N VPN Router
Multiple vulnerabilities have been identified in the web-based management interface of the Cisco small business RV110W, RV130, RV130W, and RW215W routers which allow an unauthenticated, remote attacker to execute arbitrary codes and commands with root privileges.
This vulnerability exists due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending maliciously crafted HTTPS requests to a targeted system.
Successful exploitation of such vulnerabilities could allow an attacker to execute arbitrary codes as the root user on the underlying operating system or cause the device to reload, resulting in the denial of service (DoS) condition.
✻ Exposing sensitive information to unauthorized parties
✻ Unauthorized access to the router
✻ Denial of Service
Solution/ Workarounds✻ Apply the appropriate security patch mentioned below,
The information provided herein is on "as is" basis, without warranty of any kind.