Executive Summary

Summary
Title Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability
Informations
Name cisco-sa-20180207-rv13x First vendor Publication 2018-02-07
Vendor Cisco Last vendor Modification 2018-02-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJaeyP7XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcziZcP/RxM10X5DYgfH4ZDx2jB4+UKmoxH SMlLfa7qgCPjnRDSN1hkquHa7NL7jAEfzwTyMU22oY23wyvF5wfHQ/Tm2oQHJkeB 4PWK0YJ+6/MVSXQZTyAfbZwn1r5pRtGSUqZlLxmU9DnBUtlrkiI6nNeeDyVNcx58 ULoqw+e1+Q/pUb3ah99GvxxAja8Vu1AeHjlntmWZfGMQu5O/N8XP5QmkqrQfDr7E uNt9yEpx4oXZ/nTLIQ27O9MFABXceAxMqDuri2KhB7jTN1EOZ6L/qdJUCgO8weJm NPVmqg6/SE0CJeX3g61wgJS/NnECQ8bVq01dtQJtRixULteNvCgoLgtmQeYz5XB8 HY3/JX1XFEWCy8KQKFXIedmEu16JZbOiH2tLh9WVfelH07KttBzplsh6T4MFXChJ nOieSoqduI0Nnwq49daiYV6fe3HxpFIPVmjWIdRxGoNTifDVMDbrJV5+23gqn3nL qD8p7xVw8d97HvFtOD3NboBUbZKaImRNArETe86hK/SmfZ4Rhe1wn4nJoidc9J7a MoNvFmpakMFUTHeX6sGhqpJFT0zQEDFRipS18Bv9iNR8+ZSCz9jdx48PXMJ1rszN lCLj/C9rzOjaau3qdcqzInrmMySKLnTeYrD+Ax63JLoWZ+1Pvo/C9xj2SGP1kBtO KlfFmKzljvMT/95D =8fDd END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1

Snort® IPS/IDS

Date Description
2018-02-08 Cisco RV132W and RV134W routers command injection attempt
RuleID : 45623 - Revision : 1 - Type : SERVER-WEBAPP

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2018-03-13 17:21:19
  • Multiple Updates
2018-02-08 12:05:09
  • Multiple Updates
2018-02-07 21:20:06
  • First insertion