module
Cisco RV320/RV326 Configuration Disclosure
| Disclosed |
|---|
| Jan 24, 2019 |
Disclosed
Jan 24, 2019
Description
A vulnerability in the web-based management interface of Cisco Small Business
RV320 and RV325 Dual Gigabit WAN VPN routers could allow an unauthenticated,
remote attacker to retrieve sensitive information. The vulnerability is due
to improper access controls for URLs. An attacker could exploit this
vulnerability by connecting to an affected device via HTTP or HTTPS and
requesting specific URLs. A successful exploit could allow the attacker to
download the router configuration or detailed diagnostic information. Cisco
has released firmware updates that address this vulnerability.
RV320 and RV325 Dual Gigabit WAN VPN routers could allow an unauthenticated,
remote attacker to retrieve sensitive information. The vulnerability is due
to improper access controls for URLs. An attacker could exploit this
vulnerability by connecting to an affected device via HTTP or HTTPS and
requesting specific URLs. A successful exploit could allow the attacker to
download the router configuration or detailed diagnostic information. Cisco
has released firmware updates that address this vulnerability.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.