Description
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
The following Cisco products are affected:
Cisco RV110W Wireless-N VPN Firewall
Cisco RV130W Wireless-N Multifunction VPN Router
Cisco RV215W Wireless-N VPN Router
Cisco Routers CVE-2019-1663 Remote Command Executionζε εΊη°ε¨CVE 0dayγ