Page 26 of 141 results (0.009 seconds)

CVSS: 5.3EPSS: 3%CPEs: 6EXPL: 1

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. Una vulnerabilidad en la interfaz de administración basada en web de los enrutadores RV110W, RV130W y RV215W de Cisco, podría permitir que un atacante remoto no autenticado acceda al archivo syslog en un dispositivo afectado. • http://www.securityfocus.com/bid/108865 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess https://www.tenable.com/security/research/tra-2019-29 • CWE-285: Improper Authorization CWE-425: Direct Request ('Forced Browsing') •

CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition. Una vulnerabilidad en la interfaz de administración basada en web de los enrutadores RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN, and RV215W Wireless-N VPN de Cisco, podría permitir que un atacante remoto no autenticado causara una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/108864 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rvrouters-dos • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 6

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. • https://www.exploit-db.com/exploits/46961 https://www.exploit-db.com/exploits/47348 https://www.exploit-db.com/exploits/46705 https://github.com/StealYourCode/CVE-2019-1663 https://github.com/abrumsen/CVE-2019-1663 http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. Una vulnerabilidad en la interfaz de gestión web de los dispositivos Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router y Cisco RV215W Wireless-N VPN Router podría permitir que un atacante remoto no autenticado obtenga información sensible. • http://www.securitytracker.com/id/1041678 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. Una vulnerabilidad en la interfaz de gestión web de los dispositivos Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router y Cisco RV215W Wireless-N VPN Router podrían permitir que un atacante remoto autenticado ejecute comandos arbitrarios. • http://www.securitytracker.com/id/1041677 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •