module
Cisco RV130W Routers Management Interface Remote Command Execution
| Disclosed |
|---|
| 2019-02-27 |
Disclosed
2019-02-27
Description
A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router
could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The vulnerability is due to improper validation of user-supplied data in the web-based management interface.
An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device.
A successful exploit could allow the attacker to execute arbitrary code on the underlying operating
system of the affected device as a high-privilege user.
RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected.
Note: successful exploitation may not result in a session, and as such,
on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The vulnerability is due to improper validation of user-supplied data in the web-based management interface.
An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device.
A successful exploit could allow the attacker to execute arbitrary code on the underlying operating
system of the affected device as a high-privilege user.
RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected.
Note: successful exploitation may not result in a session, and as such,
on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.