A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall,
Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router
could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The vulnerability is due to improper validation of user-supplied data in the web-based management interface.
An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device.
A successful exploit could allow the attacker to execute arbitrary code on the underlying operating
system of the affected device as a high-privilege user.
RV110W Wireless-N VPN Firewall versions prior to 188.8.131.52 are affected.
RV130W Wireless-N Multifunction VPN Router versions prior to 184.108.40.206 are affected.
RV215W Wireless-N VPN Router versions prior to 220.127.116.11 are affected.
Note: successful exploitation may not result in a session, and as such,
on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
- Yu Zhang
- Haoliang Lu
- T. Shiomitsu
- Quentin Kaiser <firstname.lastname@example.org>