CVE-2014-2177

2014-11-0711:55:02

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

75.4%

JSON

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.

Affected configurations

Nvd

Node

ciscorv120w_firmwareRange≤1.0.5.8

AND

ciscorv120wMatch-

Node

ciscorv220w_firmwareRange≤1.0.5.8

AND

ciscorv220wMatch-

Node

ciscorv180_firmwareRange≤1.0.3.10

AND

ciscorv180Match-

ciscorv180wMatch-

VendorProductVersionCPE
ciscorv120w_firmware*cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*
ciscorv120w-cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*
ciscorv220w_firmware*cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*
ciscorv220w-cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*
ciscorv180_firmware*cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*
ciscorv180-cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*
ciscorv180w-cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	rv120w_firmware	*	cpe:2.3:o:cisco:rv120w_firmware::::::::
cisco	rv120w	-	cpe:2.3:h:cisco:rv120w:-:::::::*
cisco	rv220w_firmware	*	cpe:2.3:o:cisco:rv220w_firmware::::::::
cisco	rv220w	-	cpe:2.3:h:cisco:rv220w:-:::::::*
cisco	rv180_firmware	*	cpe:2.3:o:cisco:rv180_firmware::::::::
cisco	rv180	-	cpe:2.3:h:cisco:rv180:-:::::::*
cisco	rv180w	-	cpe:2.3:h:cisco:rv180w:-:::::::*