CVE-2019-1663
Last modified
CVE-2019-1663 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. EPSS estimates a 95.71% chance of exploitation in the next 30 days.
Description
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Rv110w Firmware | < 1.2.2.1 |
| Cisco | Rv130w Firmware | < 1.0.3.45 |
| Cisco | Rv215w Firmware | < 1.3.1.1 |
References
- http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.htmlThird Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.htmlThird Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.htmlThird Party Advisory, VDB Entry
- http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rceExploit, Third Party Advisory
- http://www.securityfocus.com/bid/107185Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/46705/Exploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.htmlThird Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.htmlThird Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.htmlThird Party Advisory, VDB Entry
- http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rceExploit, Third Party Advisory
- http://www.securityfocus.com/bid/107185Third Party Advisory, VDB Entry
- https://www.exploit-db.com/exploits/46705/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-1663?
How severe is CVE-2019-1663?
How do I fix CVE-2019-1663?
Are you affected by CVE-2019-1663?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST