CVE-2020-3278 – Cisco Small Business RV Series Routers Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3278
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Múltiples vulnerabilidades en la interfaz de administración basada en web de Routers Cisco Small Business RV320 y RV325 Series y Routers Cisco Small Business RV016, RV042, y RV082, podrían permitir a un atacante remoto autenticado con privilegios administrativos ejecutar comandos arbitrarios sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-3277 – Cisco Small Business RV Series Routers Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3277
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Múltiples vulnerabilidades en la interfaz de administración basada en web de Routers Cisco Small Business RV320 y RV325 Series y Routers Cisco Small Business RV016, RV042, y RV082, podrían permitir a un atacante remoto autenticado con privilegios administrativos ejecutar comandos arbitrarios sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-15990 – Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-15990
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication. Una vulnerabilidad en la interfaz de administración basada en web de determinados Enrutadores Cisco Small Business RV Series, podría permitir a un atacante remoto no autenticado visualizar la información desplegada en la interfaz de administración basada en web. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-sbr-rv-infodis • CWE-285: Improper Authorization •
CVE-2019-15271 – Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2019-15271
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x • CWE-502: Deserialization of Untrusted Data •
CVE-2015-6319
https://notcve.org/view.php?id=CVE-2015-6319
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. Vulnerabilidad de inyección SQL en la interfaz de gestión basada en web en dispositivos Cisco RV220W permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una cabecera manipulada en una petición HTTP, también conocida como Bug ID CSCuv29574. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 http://www.securitytracker.com/id/1034830 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •