Executive Summary

Informations
NameCVE-2018-0424First vendor Publication2018-10-05
VendorCveLast vendor Modification2019-10-09

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score9Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0424

CWE : Common Weakness Enumeration

%idName
100 %CWE-77Improper Sanitization of Special Elements used in a Command ('Command Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware1
Hardware1
Hardware1
Os7
Os3
Os8

Sources (Detail)

SourceUrl
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
SECTRACK http://www.securitytracker.com/id/1041677

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2019-10-10 05:20:13
  • Multiple Updates
2019-10-03 09:20:42
  • Multiple Updates
2019-06-26 01:00:31
  • Multiple Updates
2018-11-26 21:20:22
  • Multiple Updates
2018-10-07 17:19:23
  • Multiple Updates
2018-10-05 21:19:40
  • First insertion