CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
75.4%
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | rv120w_firmware | * | cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:* |
cisco | rv120w | - | cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:* |
cisco | rv220w_firmware | * | cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:* |
cisco | rv220w | - | cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:* |
cisco | rv180_firmware | * | cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:* |
cisco | rv180 | - | cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:* |
cisco | rv180w | - | cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:* |
packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
seclists.org/fulldisclosure/2014/Nov/6
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
www.securityfocus.com/archive/1/533917/100/0/threaded
www.securitytracker.com/id/1031171
exchange.xforce.ibmcloud.com/vulnerabilities/98497