// For flags

CVE-2018-0425

Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.

Una vulnerabilidad en la interfaz de gestión web de los dispositivos Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router y Cisco RV215W Wireless-N VPN Router podría permitir que un atacante remoto no autenticado obtenga información sensible. La vulnerabilidad se debe al control de acceso incorrecto a archivos en la interfaz de gestión web. Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones maliciosas a un dispositivo objetivo. Su explotación con éxito podría permitir que el atacante acceda a información de configuración sensible, incluidas las credenciales de autenticación del usuario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-27 CVE Reserved
  • 2018-10-05 CVE Published
  • 2024-06-20 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-269: Improper Privilege Management
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Rv110w Firmware
Search vendor "Cisco" for product "Rv110w Firmware"
 <= 1.2.1.7
Search vendor "Cisco" for product "Rv110w Firmware" and version " <= 1.2.1.7"
-
Affected
in Cisco
Search vendor "Cisco"
 Rv110w Wireless-n Vpn Firewall
Search vendor "Cisco" for product "Rv110w Wireless-n Vpn Firewall"
--
Safe
Cisco
Search vendor "Cisco"
 Rv130w Firmware
Search vendor "Cisco" for product "Rv130w Firmware"
 < 1.0.3.44
Search vendor "Cisco" for product "Rv130w Firmware" and version " < 1.0.3.44"
-
Affected
in Cisco
Search vendor "Cisco"
 Rv130w
Search vendor "Cisco" for product "Rv130w"
--
Safe
Cisco
Search vendor "Cisco"
 Rv215w Firmware
Search vendor "Cisco" for product "Rv215w Firmware"
 <= 1.3.0.8
Search vendor "Cisco" for product "Rv215w Firmware" and version " <= 1.3.0.8"
-
Affected
in Cisco
Search vendor "Cisco"
 Rv215w Wireless-n Vpn Router
Search vendor "Cisco" for product "Rv215w Wireless-n Vpn Router"
--
Safe