module
Cisco RV320/RV326 Configuration Disclosure
| Disclosed | Created |
|---|---|
| Jan 24, 2019 | Mar 19, 2019 |
Disclosed
Jan 24, 2019
Created
Mar 19, 2019
Description
A vulnerability in the web-based management interface of Cisco Small Business
RV320 and RV325 Dual Gigabit WAN VPN routers could allow an unauthenticated,
remote attacker to retrieve sensitive information. The vulnerability is due
to improper access controls for URLs. An attacker could exploit this
vulnerability by connecting to an affected device via HTTP or HTTPS and
requesting specific URLs. A successful exploit could allow the attacker to
download the router configuration or detailed diagnostic information. Cisco
has released firmware updates that address this vulnerability.
RV320 and RV325 Dual Gigabit WAN VPN routers could allow an unauthenticated,
remote attacker to retrieve sensitive information. The vulnerability is due
to improper access controls for URLs. An attacker could exploit this
vulnerability by connecting to an affected device via HTTP or HTTPS and
requesting specific URLs. A successful exploit could allow the attacker to
download the router configuration or detailed diagnostic information. Cisco
has released firmware updates that address this vulnerability.
Authors
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.