Vulnerabilites related to cisco - rv220w_wireless_network_security_firewall
Vulnerability from fkie_nvd
Published
2018-10-05 16:29
Modified
2024-11-21 03:38
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.
References
psirt@cisco.comhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179Permissions Required, Vendor Advisory
Impacted products
Vendor Product Version
cisco rv180w_wireless-n_multifunction_vpn_router -
cisco rv220w_wireless_network_security_firewall -


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F284747-88FE-435D-80DF-E6C70BFEC1B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5842FEB-322F-43E5-9349-583D236F12B9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el código framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podría permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podría recuperar información sensible que debería estar restringida. Una vulnerabilidad en el código framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podría permitir que un atacante remoto no autenticado ejecute consultas SQL arbitrarias. El atacante podría recuperar información sensible que debería estar restringida. El producto ha entrado en su fase de fin de vida y no habrá más parches de firmware.",
      },
   ],
   id: "CVE-2018-0404",
   lastModified: "2024-11-21T03:38:09.447",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-10-05T16:29:00.300",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-01-27 22:59
Modified
2025-04-12 10:46
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220Vendor Advisory
psirt@cisco.comhttp://www.securitytracker.com/id/1034830
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034830
Impacted products
Vendor Product Version
cisco rv016_multi-wan_vpn_router *
cisco rv042_dual_wan_vpn_router *
cisco rv042g_dual_gigabit_wan_vpn_router *
cisco rv082_dual_wan_vpn_router *
cisco rv110w_wireless-n_vpn_firewall *
cisco rv120w_wireless-n_vpn_firewall *
cisco rv130_vpn_router *
cisco rv130w_wireless-n_multifunction_vpn_router *
cisco rv180_vpn_router *
cisco rv180w_wireless-n_multifunction_vpn_router *
cisco rv215w_wireless-n_vpn_router *
cisco rv220w_wireless_network_security_firewall *
cisco rv320_dual_gigabit_wan_vpn_router *
cisco rv320_dual_gigabit_wan_wf_vpn_router *
cisco rv325_dual_gigabit_wan_wf_vpn_router *
cisco rv325_dual_wan_gigabit_vpn_router *
cisco rvl200_4-port_ssl_ipsec_vpn_router *
cisco rvs4000_4-port_gigabit_security_router_-_vpn *
cisco wrv200_wireless-g_vpn_router_-_rangebooster *
cisco wrv210_wireless-g_vpn_router_-_rangebooster *
cisco wrvs4400n_wireless-n_gigabit_security_router_-_vpn_v2.0 *
cisco rv_series_router_firmware 1.0.0.2
cisco rv_series_router_firmware 1.0.0.30
cisco rv_series_router_firmware 1.0.1.9
cisco rv_series_router_firmware 1.0.2.6
cisco rv_series_router_firmware 1.0.3.10
cisco rv_series_router_firmware 1.0.4.10
cisco rv_series_router_firmware 1.0.4.14
cisco rv_series_router_firmware 1.0.5.6
cisco rv_series_router_firmware 1.0.5.8
cisco rv_series_router_firmware 1.0.6.6
cisco rv_series_router_firmware 1.1.0.9
cisco rv_series_router_firmware 1.2.0.2
sun opensolaris snv_124


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv016_multi-wan_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "217831DB-FC07-443B-B969-2513ACE0C0AA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "87905EBD-2C32-41C7-933E-168B1A5941F2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0008DDD6-A6A5-46A2-B9A0-1DC807E29E02",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv082_dual_wan_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "37F1D3C2-8CD6-416D-80C2-3ECBB941DA55",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F95AABA7-ADCF-474B-A1AD-E55EFC09CF2A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv120w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3562EAC-7DD9-4D7E-8A54-577FAEDFD42B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv130_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A7C79FC-EC93-4832-85EC-E7D5672A7DF4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4993AC7B-5E6F-4DB5-90D8-3181148BC7B0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv180_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C656EE6-510D-4530-947E-6C1DE46EBC68",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A68C4AD-0FB1-45FE-BD04-C3DC8A716F3F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "175F8546-DBBB-4C34-9B9A-A39A6E70F2AF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DD07AB5-E9DA-463F-B017-7A10FD8C2878",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "40BE4E08-761E-44B1-923C-8CAF3EA1B812",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "22E350F7-5E72-4749-BBFE-021A3B838105",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv325_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE38F76A-20EB-4A00-A84D-F5F262E7A1AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rv325_dual_wan_gigabit_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57228295-609D-4939-9FEF-71EFE6FFEAB6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rvl200_4-port_ssl_ipsec_vpn_router:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4558947-E413-4283-959A-B7C854BCECE6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:rvs4000_4-port_gigabit_security_router_-_vpn:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54D7930A-EC68-4518-BA88-529A3D4F0919",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:wrv200_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D22C7E67-0F47-416F-80A5-D218C655D275",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:wrv210_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7618CAE2-22D2-44B1-8FE8-F29101B62D57",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:wrvs4400n_wireless-n_gigabit_security_router_-_vpn_v2.0:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0954EAD-6830-499E-BCE7-4F0FE1DDFE24",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "82E9DB28-1575-415C-BE18-9ADFD6BA66D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AE98C62-84E0-435F-A376-984B1819B94C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBC77F08-1A4A-46AC-8359-5B20BAA9989B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE637ED7-943B-45A3-A0B3-EEAE02A96693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.3.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA64F9F9-6843-4A74-8DC4-692B8A7E8394",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "95D5F5BE-8A32-415A-A686-5221C42EFD8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCCDA0D3-AF8C-4EC2-8DC8-64322452C697",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF064F34-25A3-474E-BCA8-BC135FA4B834",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DEC997B-96CF-43E6-98C8-D6E469CA471D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B6AD360-866C-4E63-BA54-EAF697560D07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.1.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0B5DF7C-99D2-4CF9-A0AD-8D6BE5780CA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:rv_series_router_firmware:1.2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F60788C6-2130-4561-B1C8-72B138F2E9B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*",
                     matchCriteriaId: "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en la interfaz de gestión basada en web en dispositivos Cisco RV220W permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una cabecera manipulada en una petición HTTP, también conocida como Bug ID CSCuv29574.",
      },
   ],
   id: "CVE-2015-6319",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-01-27T22:59:00.100",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1034830",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1034830",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2015-6319
Vulnerability from cvelistv5
Published
2016-01-27 22:00
Modified
2024-08-06 07:15
Severity ?
Summary
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
References
http://www.securitytracker.com/id/1034830vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:15:13.307Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1034830",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034830",
               },
               {
                  name: "20160127 Cisco RV220W Management Authentication Bypass Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-01-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-05T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1034830",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034830",
            },
            {
               name: "20160127 Cisco RV220W Management Authentication Bypass Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-6319",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1034830",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034830",
                  },
                  {
                     name: "20160127 Cisco RV220W Management Authentication Bypass Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-6319",
      datePublished: "2016-01-27T22:00:00",
      dateReserved: "2015-08-17T00:00:00",
      dateUpdated: "2024-08-06T07:15:13.307Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0404
Vulnerability from cvelistv5
Published
2018-10-05 16:00
Modified
2024-11-26 14:26
Severity ?
Summary
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.
References
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179x_refsource_CONFIRM
Impacted products
Vendor Product Version
Cisco Cisco RV180W Wireless-N Multifunction VPN Router Version: n/a
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:21:15.517Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0404",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-25T18:52:57.519907Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-26T14:26:27.024Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco RV180W Wireless-N Multifunction VPN Router",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-10-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-05T15:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
            },
         ],
         source: {
            advisory: "CSCvk27179",
            defect: [
               [
                  "CSCvk27179",
               ],
            ],
            discovery: "UNKNOWN",
         },
         title: "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2018-10-03T16:00:00-0500",
               ID: "CVE-2018-0404",
               STATE: "PUBLIC",
               TITLE: "Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco RV180W Wireless-N Multifunction VPN Router",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "7.5",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
                     refsource: "CONFIRM",
                     url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179",
                  },
               ],
            },
            source: {
               advisory: "CSCvk27179",
               defect: [
                  [
                     "CSCvk27179",
                  ],
               ],
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0404",
      datePublished: "2018-10-05T16:00:00Z",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-26T14:26:27.024Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}