Search
Find a vulnerability
Search criteria
8 vulnerabilities found for rv180_firmware by cisco
CVE-2015-6358 (GCVE-0-2015-6358)
Vulnerability from nvd – Published: 2017-10-12 15:00 – Updated: 2024-08-06 07:22
VLAI
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/566724 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id/1034258 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/78047 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1034255 | vdb-entryx_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://www.securitytracker.com/id/1034257 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1034256 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-11-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:20.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T14:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#566724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6358",
"datePublished": "2017-10-12T15:00:00.000Z",
"dateReserved": "2015-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:22:20.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2179 (GCVE-0-2014-2179)
Vulnerability from nvd – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
VLAI
Summary
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://packetstormsecurity.com/files/128992/Cisco… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2014/Nov/6 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/533917/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securitytracker.com/id/1031171 | vdb-entryx_refsource_SECTRACK |
Date Public
2014-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "cisco-cve20142179-file-upload(98499)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "cisco-cve20142179-file-upload(98499)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "cisco-cve20142179-file-upload(98499)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
},
{
"name": "1031171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2179",
"datePublished": "2014-11-07T11:00:00.000Z",
"dateReserved": "2014-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:05:59.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2178 (GCVE-0-2014-2178)
Vulnerability from nvd – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://packetstormsecurity.com/files/128992/Cisco… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://seclists.org/fulldisclosure/2014/Nov/6 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/533917/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1031171 | vdb-entryx_refsource_SECTRACK |
Date Public
2014-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142178-csrf(98498)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142178-csrf(98498)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142178-csrf(98498)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2178",
"datePublished": "2014-11-07T11:00:00.000Z",
"dateReserved": "2014-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:05:59.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2177 (GCVE-0-2014-2177)
Vulnerability from nvd – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
VLAI
Summary
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://packetstormsecurity.com/files/128992/Cisco… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://seclists.org/fulldisclosure/2014/Nov/6 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/533917/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1031171 | vdb-entryx_refsource_SECTRACK |
Date Public
2014-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142177-command-exec(98497)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142177-command-exec(98497)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142177-command-exec(98497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2177",
"datePublished": "2014-11-07T11:00:00.000Z",
"dateReserved": "2014-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:05:59.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6358 (GCVE-0-2015-6358)
Vulnerability from cvelistv5 – Published: 2017-10-12 15:00 – Updated: 2024-08-06 07:22
VLAI
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/566724 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id/1034258 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/78047 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1034255 | vdb-entryx_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://www.securitytracker.com/id/1034257 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1034256 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-11-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:20.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T14:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#566724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6358",
"datePublished": "2017-10-12T15:00:00.000Z",
"dateReserved": "2015-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:22:20.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2179 (GCVE-0-2014-2179)
Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
VLAI
Summary
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://packetstormsecurity.com/files/128992/Cisco… | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2014/Nov/6 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/533917/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securitytracker.com/id/1031171 | vdb-entryx_refsource_SECTRACK |
Date Public
2014-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "cisco-cve20142179-file-upload(98499)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "cisco-cve20142179-file-upload(98499)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "cisco-cve20142179-file-upload(98499)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
},
{
"name": "1031171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2179",
"datePublished": "2014-11-07T11:00:00.000Z",
"dateReserved": "2014-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:05:59.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2178 (GCVE-0-2014-2178)
Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://packetstormsecurity.com/files/128992/Cisco… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://seclists.org/fulldisclosure/2014/Nov/6 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/533917/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1031171 | vdb-entryx_refsource_SECTRACK |
Date Public
2014-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142178-csrf(98498)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142178-csrf(98498)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142178-csrf(98498)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2178",
"datePublished": "2014-11-07T11:00:00.000Z",
"dateReserved": "2014-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:05:59.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2177 (GCVE-0-2014-2177)
Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
VLAI
Summary
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://packetstormsecurity.com/files/128992/Cisco… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://seclists.org/fulldisclosure/2014/Nov/6 | mailing-listx_refsource_FULLDISC |
| http://www.securityfocus.com/archive/1/533917/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1031171 | vdb-entryx_refsource_SECTRACK |
Date Public
2014-11-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142177-command-exec(98497)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142177-command-exec(98497)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
},
{
"name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
},
{
"name": "cisco-cve20142177-command-exec(98497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/6"
},
{
"name": "20141106 Cisco RV Series multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
},
{
"name": "1031171",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2177",
"datePublished": "2014-11-07T11:00:00.000Z",
"dateReserved": "2014-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:05:59.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}