CVE-2019-1724 – Cisco Small Business RV320 and RV325 Routers Session Hijacking Vulnerability

https://notcve.org/view.php?id=CVE-2019-1724

A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device. A successful exploit could allow the attacker to take control of an existing user session on the device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sbr-hijack • CWE-287: Improper Authentication •