CVE-2019-1897 – Cisco RV110W, RV130W, and RV215W Routers Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1897
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. Una vulnerabilidad en la interfaz de administración basada en web de los enrutadores RV110W, RV130W y RV215W de Cisco, podría permitir a un atacante remoto no autenticado desconectar a los clientes que están conectados a la red de invitado en un enrutador afectado. • http://www.securityfocus.com/bid/108848 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos https://www.tenable.com/security/research/tra-2019-29 • CWE-285: Improper Authorization CWE-306: Missing Authentication for Critical Function •
CVE-2019-1898 – Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
https://notcve.org/view.php?id=CVE-2019-1898
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. Una vulnerabilidad en la interfaz de administración basada en web de los enrutadores RV110W, RV130W y RV215W de Cisco, podría permitir que un atacante remoto no autenticado acceda al archivo syslog en un dispositivo afectado. • http://www.securityfocus.com/bid/108865 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess https://www.tenable.com/security/research/tra-2019-29 • CWE-285: Improper Authorization CWE-425: Direct Request ('Forced Browsing') •
CVE-2019-1843 – Cisco RV110W, RV130W, and RV215W Routers Management Interface Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1843
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition. Una vulnerabilidad en la interfaz de administración basada en web de los enrutadores RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN, and RV215W Wireless-N VPN de Cisco, podría permitir que un atacante remoto no autenticado causara una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/108864 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rvrouters-dos • CWE-20: Improper Input Validation •
CVE-2019-1663 – Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1663
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. • https://www.exploit-db.com/exploits/46961 https://www.exploit-db.com/exploits/47348 https://www.exploit-db.com/exploits/46705 https://github.com/StealYourCode/CVE-2019-1663 https://github.com/abrumsen/CVE-2019-1663 http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2018-0423 – Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-0423
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code. Una vulnerabilidad en la interfaz de gestión web de los dispositivos Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router y Cisco RV215W Wireless-N VPN Router podría permitir que un atacante remoto no autenticado provoque una denegación de servicio (DoS) o ejecute código arbitrario. • http://www.securityfocus.com/bid/105285 http://www.securitytracker.com/id/1041675 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •