Page 15 of 77 results (0.007 seconds)

CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Múltiples vulnerabilidades en la interfaz de administración basada en web de Routers Cisco Small Business RV320 y RV325 Series y Routers Cisco Small Business RV016, RV042, y RV082, podrían permitir a un atacante remoto autenticado con privilegios administrativos ejecutar comandos arbitrarios sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Múltiples vulnerabilidades en la interfaz de administración basada en web de Routers Cisco Small Business RV320 y RV325 Series y Routers Cisco Small Business RV016, RV042, y RV082, podrían permitir a un atacante remoto autenticado con privilegios administrativos ejecutar comandos arbitrarios sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication. Una vulnerabilidad en la interfaz de administración basada en web de determinados Enrutadores Cisco Small Business RV Series, podría permitir a un atacante remoto no autenticado visualizar la información desplegada en la interfaz de administración basada en web. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-sbr-rv-infodis • CWE-285: Improper Authorization •

CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.6EPSS: 1%CPEs: 30EXPL: 0

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. • http://www.securityfocus.com/bid/98287 http://www.securitytracker.com/id/1038391 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •