CVE-2020-3332 – Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3332
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Small Business RV110W, RV130, RV130W, y RV215W Series Routers, podría permitir a un atacante remoto autenticado inyectar comandos de shell arbitrarios que son ejecutados por un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-3331 – Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3331
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. Una vulnerabilidad en la interfaz de administración basada en web de Cisco RV110W Wireless-N VPN Firewall y Cisco RV215W Wireless-N VPN Router, podría permitir a un atacante remoto no autenticado ejecutar código arbitrario en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-3330 – Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability
https://notcve.org/view.php?id=CVE-2020-3330
A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device. Una vulnerabilidad en el servicio Telnet de Cisco Small Business RV110W Wireless-N VPN Firewall Routers, podría permitir a un atacante remoto no autenticado tomar el control total del dispositivo con una cuenta con privilegios elevados. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy • CWE-798: Use of Hard-coded Credentials •
CVE-2020-3323 – Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3323
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Small Busines RV110W, RV130, RV130W y Routers RV215W podría permitir a un atacante remoto no autenticado ejecutar código arbitrario en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-3146 – Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3146
Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router y RV215W Wireless-N VPN Router, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •