CVE-2020-3144
Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.
Una vulnerabilidad en la interfaz de administración basada en web de Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, y RV215W Wireless-N VPN Router, podría permitir a un atacante remoto no autenticado omitir la autenticación y ejecutar comandos arbitrarios con comandos administrativos en un dispositivo afectado. La vulnerabilidad es debido a una gestión de sesión inapropiada en los dispositivos afectados. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP diseñada hacia el dispositivo afectado. Una explotación con éxito podría permitir a un atacante obtener acceso administrativo en el dispositivo afectado
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2019-12-12 CVE Reserved
- 2020-07-16 CVE Published
- 2024-08-24 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-287: Improper Authentication
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Rv110w Firmware Search vendor "Cisco" for product "Rv110w Firmware" | < 1.2.2.8 Search vendor "Cisco" for product "Rv110w Firmware" and version " < 1.2.2.8" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv110w Search vendor "Cisco" for product "Rv110w" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Rv130 Firmware Search vendor "Cisco" for product "Rv130 Firmware" | < 1.0.3.55 Search vendor "Cisco" for product "Rv130 Firmware" and version " < 1.0.3.55" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv130 Search vendor "Cisco" for product "Rv130" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Rv130w Firmware Search vendor "Cisco" for product "Rv130w Firmware" | < 1.0.3.55 Search vendor "Cisco" for product "Rv130w Firmware" and version " < 1.0.3.55" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv130w Search vendor "Cisco" for product "Rv130w" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Rv215w Firmware Search vendor "Cisco" for product "Rv215w Firmware" | < 1.3.1.7 Search vendor "Cisco" for product "Rv215w Firmware" and version " < 1.3.1.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv215w Search vendor "Cisco" for product "Rv215w" | - | - |
Safe
|