Executive Summary
Summary | |
---|---|
Title | Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180207-rv13x | First vendor Publication | 2018-02-07 |
Vendor | Cisco | Last vendor Modification | 2018-02-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJaeyP7XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcziZcP/RxM10X5DYgfH4ZDx2jB4+UKmoxH SMlLfa7qgCPjnRDSN1hkquHa7NL7jAEfzwTyMU22oY23wyvF5wfHQ/Tm2oQHJkeB 4PWK0YJ+6/MVSXQZTyAfbZwn1r5pRtGSUqZlLxmU9DnBUtlrkiI6nNeeDyVNcx58 ULoqw+e1+Q/pUb3ah99GvxxAja8Vu1AeHjlntmWZfGMQu5O/N8XP5QmkqrQfDr7E uNt9yEpx4oXZ/nTLIQ27O9MFABXceAxMqDuri2KhB7jTN1EOZ6L/qdJUCgO8weJm NPVmqg6/SE0CJeX3g61wgJS/NnECQ8bVq01dtQJtRixULteNvCgoLgtmQeYz5XB8 HY3/JX1XFEWCy8KQKFXIedmEu16JZbOiH2tLh9WVfelH07KttBzplsh6T4MFXChJ nOieSoqduI0Nnwq49daiYV6fe3HxpFIPVmjWIdRxGoNTifDVMDbrJV5+23gqn3nL qD8p7xVw8d97HvFtOD3NboBUbZKaImRNArETe86hK/SmfZ4Rhe1wn4nJoidc9J7a MoNvFmpakMFUTHeX6sGhqpJFT0zQEDFRipS18Bv9iNR8+ZSCz9jdx48PXMJ1rszN lCLj/C9rzOjaau3qdcqzInrmMySKLnTeYrD+Ax63JLoWZ+1Pvo/C9xj2SGP1kBtO KlfFmKzljvMT/95D =8fDd END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2018-02-08 | Cisco RV132W and RV134W routers command injection attempt RuleID : 45623 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Informations |
---|---|
2018-03-13 17:21:19 |
|
2018-02-08 12:05:09 |
|
2018-02-07 21:20:06 |
|