cnvd - cnvd-2016-06187

cnvd-2016-06187

Vulnerability from cnvd

Title

Cisco RV180/RV180W任意命令执行漏洞

Description

Cisco RV180、RV180W为无线多功能VPN路由器。 Cisco RV180、RV180W的Web接口未正确验证HTTP请求存在安全漏洞。攻击者通过向受影响设备发送构造的HTTP请求，利用此漏洞可以root权限执行任意命令。

Severity

高

Formal description

目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityResponse

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2

Impacted products

Name
['Cisco RV180 VPN Router', 'Cisco RV180W Wireless-N Multifunction VPN Router']

Show details on source website

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92275"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1430"
    }
  },
  "description": "Cisco RV180\u3001RV180W\u4e3a\u65e0\u7ebf\u591a\u529f\u80fdVPN\u8def\u7531\u5668\u3002\r\n\r\nCisco RV180\u3001RV180W\u7684Web\u63a5\u53e3\u672a\u6b63\u786e\u9a8c\u8bc1HTTP\u8bf7\u6c42\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u6784\u9020\u7684HTTP\u8bf7\u6c42\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttp://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityResponse",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06187",
  "openTime": "2016-08-10",
  "products": {
    "product": [
      "Cisco RV180 VPN Router",
      "Cisco RV180W Wireless-N Multifunction VPN Router"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2",
  "serverity": "\u9ad8",
  "submitTime": "2016-08-09",
  "title": "Cisco RV180/RV180W\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CVE-2016-1430 (GCVE-0-2016-1430)

Vulnerability from cvelistv5

Published

2016-08-08 00:00

Modified

2024-08-05 22:55

Severity ?

CWE

n/a

Summary

Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592.

References

URL

Tags

	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1036525	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/92275	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160803 Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2"
          },
          {
            "name": "1036525",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036525"
          },
          {
            "name": "92275",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92275"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160803 Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2"
        },
        {
          "name": "1036525",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036525"
        },
        {
          "name": "92275",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92275"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1430",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160803 Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2"
            },
            {
              "name": "1036525",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036525"
            },
            {
              "name": "92275",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92275"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1430",
    "datePublished": "2016-08-08T00:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.