CVE-2019-1724 – Cisco Small Business RV320 and RV325 Routers Session Hijacking Vulnerability

https://notcve.org/view.php?id=CVE-2019-1724

03 May 2019 — A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit thi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sbr-hijack • CWE-287: Improper Authentication •