Lucene search

CiscoCVELIST:CVE-2020-3331

HistoryJul 16, 2020 - 5:20 p.m.

CVE-2020-3331 Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability

2020-07-1617:20:56

CWE-119

cisco

www.cve.org

cisco

rv110w

rv215w

routers

vulnerability

web-based management

arbitrary code execution

remote attacker

user-supplied input

root user privileges

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user.

CNA Affected

[
  {
    "product": "Cisco RV110W Wireless-N VPN Firewall Firmware",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Related for CVELIST:CVE-2020-3331