ID CVE-2014-0683
Summary The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.
References
Vulnerable Configurations
  • cpe:2.3:o:cisco:rv110w_firmware:1.1.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:rv110w_firmware:1.1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv215w:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:rv215w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:cvr100w_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:cvr100w_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:cvr100w:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:cvr100w:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 15-12-2018 - 11:29)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
cisco 20140305 Cisco Small Business Router Password Disclosure Vulnerability
exploit-db 45986
Last major update 15-12-2018 - 11:29
Published 06-03-2014 - 11:55
Last modified 15-12-2018 - 11:29
Back to Top