Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-1663
HistoryFeb 28, 2019 - 6:29 p.m.

CVE-2019-1663

2019-02-2818:29:02
CWE-119
CWE-787
[email protected]
web.nvd.nist.gov
134
cve-2019-1663
cisco
rv110w
rv130w
rv215w
vulnerability
remote code execution
web interface
security

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.9%

JSON

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.

Affected configurations

NVD
Node
ciscorv110w_firmwareRange<1.2.2.1
AND
ciscorv110wMatch-
Node
ciscorv130w_firmwareRange<1.0.3.45
AND
ciscorv130wMatch-
Node
ciscorv215w_firmwareRange<1.3.1.1
AND
ciscorv215wMatch-

CNA Affected

[
  {
    "product": "RV110W Wireless-N VPN Firewall",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.2.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RV130W Wireless-N Multifunction VPN Router",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.0.3.45",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "RV215W Wireless-N VPN Router",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.3.1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

pentestpartners 1
prion 1
cvelist 1
threatpost 5
zdt 3
exploitpack 1
cisco 1
packetstorm 3
cve0day 1
nvd 1
checkpoint_advisories 1
nessus 1
exploitdb 1
pentestpartners
pentestpartners
Cisco RV130 – It’s 2019, but yet: strcpy
2019-02-28 08:00:49
prion
prion
Input validation
2019-02-28 18:29:00
cvelist
cvelist
CVE-2019-1663 Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
2019-02-27 00:00:00
threatpost
threatpost
19-Year-Old TLS Vulnerability Weakens Website Crypto
2017-12-13 14:33:32
Cisco Confirms Critical Firewall Software Bug Is Under Attack
2018-02-09 13:06:34
Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers
2019-02-28 14:27:13
zdt
zdt
Cisco RV110W / RV130(W) / RV215W Remote Command Execution Exploit
2019-09-02 00:00:00
Cisco RV130W Routers Management Interface Remote Command Execution Exploit
2019-04-15 00:00:00
Cisco RV130W 1.0.3.44 - Remote Stack Overflow Exploit
2019-06-04 00:00:00
exploitpack
exploitpack
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
2019-06-04 00:00:00
cisco
cisco
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
2019-02-27 16:00:00
packetstorm
packetstorm
Cisco RV110W / RV130(W) / RV215W Remote Command Execution
2019-09-02 00:00:00
Cisco RV130W 1.0.3.44 Remote Stack Overflow
2019-06-04 00:00:00
Cisco RV130W Routers Management Interface Remote Command Execution
2019-04-14 00:00:00
cve0day
cve0day
Cisco Routers CVE-2019-1663 Remote Command Execution
2019-03-07 13:55:18
nvd
nvd
CVE-2019-1663
2019-02-28 18:29:02
checkpoint_advisories
checkpoint_advisories
Cisco Multiple Routers Remote Code Execution (CVE-2019-1663)
2019-03-03 00:00:00
nessus
nessus
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability (cisco-sa-20190227-rmi-cmd-ex)
2019-02-27 00:00:00
exploitdb
exploitdb
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
2019-06-04 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.9%

JSON
Related for CVE-2019-1663
pentestpartners1prion1cvelist1threatpost5zdt3exploitpack1cisco1packetstorm3cve0day1nvd1checkpoint_advisories1nessus1exploitdb1