4 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes. • https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. Vulnerabilidad de salto de directorio en la interfaz web en dispositivos Cisco RV180 y RV180W permite a atacantes remotos leer archivos arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCuz43023. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1 http://www.securityfocus.com/bid/92270 http://www.securitytracker.com/id/1036527 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. Dispositivos Cisco RV180 y RV180W permite a usuarios remotos autenticados ejecutar comandos arbitrarios como root a través de una petición HTTP manipulada, también conocido como Bug ID CSCuz48592. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2 http://www.securityfocus.com/bid/92275 http://www.securitytracker.com/id/1036525 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0

SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. Vulnerabilidad de inyección SQL en la interfaz de gestión basada en web en dispositivos Cisco RV220W permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una cabecera manipulada en una petición HTTP, también conocida como Bug ID CSCuv29574. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 http://www.securitytracker.com/id/1034830 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •