CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1827 – Cisco Small Business RV320 and RV325 Routers Online Help Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1827
A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information.This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. Una vulnerabilidad en el servicio web de ayuda online de los routers Small Business RV320 y RV325 Dual Gigabit WAN VPN de Cisco podría permitir a un atacante remoto no autenticado realizar un ataque reflejado de Cross-Site Scripting (XSS) contra un usuario del servicio. • http://www.securityfocus.com/bid/107776 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 97%CPEs: 6EXPL: 8CVE-2019-1653 – Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1653
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. • https://www.exploit-db.com/exploits/46655 https://www.exploit-db.com/exploits/46262 https://github.com/dubfr33/CVE-2019-1653 https://github.com/ibrahimzx/CVE-2019-1653 http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2019/Mar/5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 97%CPEs: 4EXPL: 5CVE-2019-1652 – Cisco Small Business Routers Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1652
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability. • https://www.exploit-db.com/exploits/46655 https://www.exploit-db.com/exploits/46243 http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2019/Mar/61 http://www.securityfocus.com/bid/106728 https://seclists.org/bugtraq/2019/Mar/55 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 48EXPL: 0CVE-2015-6358
https://notcve.org/view.php?id=CVE-2015-6358
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. Múltiples dispositivos con software de Cisco incorporado utilizan certificados X.509 embebidos y claves de host SSH embebidas en el firmware, lo que permite que atacantes remotos superen los mecanismos de protección criptográfica y realicen ataques Man-in-the-Middle (MitM) sabiendo de estos certificados y claves de otra instalación. Esto también se conoce por los siguientes Bug ID: CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899 y CSCuw90913. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci http://www.kb.cert.org/vuls/id/566724 http://www.securityfocus.com/bid/78047 http://www.securitytracker.com/id/1034255 http://www.securitytracker.com/id/1034256 http://www.securitytracker.com/id/1034257 http://www.securitytracker.com/id/1034258 • CWE-295: Improper Certificate Validation •
CVSS: 9.6EPSS: 1%CPEs: 30EXPL: 0CVE-2017-3882
https://notcve.org/view.php?id=CVE-2017-3882
A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. • http://www.securityfocus.com/bid/98287 http://www.securitytracker.com/id/1038391 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •