CVE-2015-6396
Cisco RV110W - Password Disclosure / Command Execution
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
El analizador de comandos CLI en dispositivos Cisco RV110W, RV130W y RV215W permite a usuarios locales ejecutar comandos shell arbitrarios como un administrador a través de parámetros manipulados, también conocido como Bug IDs CSCuv90134, CSCux58161 y CSCux73567.
Cisco RV110W suffers from password disclosure and command execution vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-17 CVE Reserved
- 2016-08-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/92269 | Vdb Entry | |
| http://www.securitytracker.com/id/1036528 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/45986 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Rv110w Wireless-n Vpn Firewall Firmware Search vendor "Cisco" for product "Rv110w Wireless-n Vpn Firewall Firmware" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv110w Wireless-n Vpn Firewall Search vendor "Cisco" for product "Rv110w Wireless-n Vpn Firewall" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Rv130w Wireless-n Multifunction Vpn Router Firmware Search vendor "Cisco" for product "Rv130w Wireless-n Multifunction Vpn Router Firmware" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv130w Wireless-n Multifunction Vpn Router Search vendor "Cisco" for product "Rv130w Wireless-n Multifunction Vpn Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Rv215w Wireless-n Vpn Router Firmware Search vendor "Cisco" for product "Rv215w Wireless-n Vpn Router Firmware" | * | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv215w Wireless-n Vpn Router Search vendor "Cisco" for product "Rv215w Wireless-n Vpn Router" | - | - |
Safe
|