Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for rv220w by cisco

    VAR-201710-0035

    Vulnerability from variot - Updated: 2025-04-20 23:21

    Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. The Cisco RV320 Dual Gigabit WAN VPN is a router product from Cisco Systems, USA. Multiple Cisco Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks. This issue is being tracked by Cisco Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The flaw stems from the fact that the program does not generate unique keys and certificates

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0035",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "srp520-u",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.6"
          },
          {
            "model": "rv180w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.4"
          },
          {
            "model": "srp520",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.01.29"
          },
          {
            "model": "spa400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.2.2"
          },
          {
            "model": "wap4410n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.7.8"
          },
          {
            "model": "rv220w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.4.17"
          },
          {
            "model": "pvc2300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.2.6"
          },
          {
            "model": "rv120w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.9"
          },
          {
            "model": "wrv210",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.1.5"
          },
          {
            "model": "rvs4000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.3.4"
          },
          {
            "model": "wrv200",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.39"
          },
          {
            "model": "wvc2300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.2.6"
          },
          {
            "model": "srw224p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.2.4"
          },
          {
            "model": "wap2000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.8.0"
          },
          {
            "model": "rv180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.4"
          },
          {
            "model": "wrp500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.1.002"
          },
          {
            "model": "wap4400n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv325",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.10"
          },
          {
            "model": "rtp300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "3.1.24"
          },
          {
            "model": "wrvs4400n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.2.2"
          },
          {
            "model": "rv320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.3.1.10"
          },
          {
            "model": "wap200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.6.0"
          },
          {
            "model": "wet200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "2.0.8.0"
          },
          {
            "model": "rv315w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.01.03"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "actiontec",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sierra",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "technicolor",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubiquiti",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "unify",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "c1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "fr1000z",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-24",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "gs1900-8",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1100-nh",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1121-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ac",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "nwa1123-ni",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-660hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p-663hn-51",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "p8702n",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "pmg5318-b20a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "q1000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3300-nb00",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "sbg3500-n000",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg1312-b30b",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg4380-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8324-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b10a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vmg8924-b30a",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "vsg1435-b101",
            "scope": null,
            "trust": 0.8,
            "vendor": "zyxel",
            "version": null
          },
          {
            "model": "",
            "scope": null,
            "trust": 0.8,
            "vendor": "multiple vendors",
            "version": null
          },
          {
            "model": "rv320 dual gigabit wan vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv325 dual gigabit wan vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv325 dual wan gigabit vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rvs4000 4-port gigabit security router vpn",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wrv210 wireless-g vpn router rangebooster",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wap4410n wireless-n access point poe/advanced security",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wrv200 wireless-g vpn router rangebooster",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wrvs4400n wireless",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "srw224p",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.2.4"
          },
          {
            "model": "wap4400n",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wvc2300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.1.2.6"
          },
          {
            "model": "rv180",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.5.4"
          },
          {
            "model": "wap200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.6.0"
          },
          {
            "model": "wrvs4400n",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.2.2"
          },
          {
            "model": "rv180w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.5.4"
          },
          {
            "model": "wap2000",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.8.0"
          },
          {
            "model": "pvc2300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.1.2.6"
          },
          {
            "model": "wet200",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "2.0.8.0"
          },
          {
            "model": "wvc2300 wireless-g business internet video camera audio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wrvs4400n wireless-n gigabit security router vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-2.0"
          },
          {
            "model": "wrv210 wireless-g vpn router rangebooster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wrv200 wireless-g vpn router rangebooster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wrp500 wireless-ac broadband router with phone ports",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20"
          },
          {
            "model": "wet200 wireless-g business ethernet bridge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "wap4410n wireless-n access point poe/advanced security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wap4400n wireless-n access point poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wap2000 wireless-g access point poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "wap200 wireless-g access point poe/rangebooster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "srw224p 24-port 2-port gigabit switch webview/poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10/100+-0"
          },
          {
            "model": "spa400 internet telephony gateway with fxo ports",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40"
          },
          {
            "model": "small business srp520-u models",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "small business srp520 models",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rvs4000 4-port gigabit security router vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "rv325 dual wan gigabit vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv325 dual gigabit wan vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv320 dual gigabit wan vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv315w wireless-n vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv180w wireless-n multifunction vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv180 vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rv120w wireless-n vpn firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "rtp300 broadband router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "pvc2300 business internet video camera audio/poe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:misc:multiple_vendors",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stefan Viehb\u00f6ck of SEC Consult.",
        "sources": [
          {
            "db": "BID",
            "id": "78047"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-6358",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-6358",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-6358",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-07863",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-84319",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2015-6358",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-6358",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-6358",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-07863",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201511-426",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-84319",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. The Cisco RV320 Dual Gigabit WAN VPN is a router product from Cisco Systems, USA. Multiple Cisco Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks. \nThis issue is being tracked by Cisco Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The flaw stems from the fact that the program does not generate unique keys and certificates",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          },
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "78047",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1034257",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1034255",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1034258",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1034256",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU96100360",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "id": "VAR-201710-0035",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          }
        ],
        "trust": 1.365750996923077
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:21:26.541000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
            "trust": 0.8,
            "url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
          },
          {
            "title": "Patches for multiple Cisco product information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/67387"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-295",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/566724"
          },
          {
            "trust": 2.6,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151125-ci"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/78047"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034255"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034256"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034257"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1034258"
          },
          {
            "trust": 1.6,
            "url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
          },
          {
            "trust": 0.8,
            "url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/certificates.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/download/ssh_host_keys.html"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/series/ssh-rsa-full-ipv4"
          },
          {
            "trust": 0.8,
            "url": "https://scans.io/study/sonar.ssl"
          },
          {
            "trust": 0.8,
            "url": "https://censys.io"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu96100360/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a2nqxj"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "db": "BID",
            "id": "78047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2015-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "date": "2017-10-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "date": "2015-11-25T00:00:00",
            "db": "BID",
            "id": "78047"
          },
          {
            "date": "2016-02-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2015-11-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "date": "2017-10-12T15:29:00.217000",
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-09-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#566724"
          },
          {
            "date": "2015-12-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07863"
          },
          {
            "date": "2017-11-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-84319"
          },
          {
            "date": "2015-11-25T00:00:00",
            "db": "BID",
            "id": "78047"
          },
          {
            "date": "2018-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006907"
          },
          {
            "date": "2017-10-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-6358"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#566724"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-426"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201601-0003

    Vulnerability from variot - Updated: 2025-04-13 23:31

    SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. The Cisco RV220W is a wireless VPN firewall router product from Cisco Systems, USA. Cisco RV220W devices are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuv29574

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0003",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.0.30"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.4.10"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.1.0.9"
          },
          {
            "model": "opensolaris",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sun",
            "version": "snv_124"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.6.6"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.0.2"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.10"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.4.14"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.2.0.2"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.2.6"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.6"
          },
          {
            "model": "rv series router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.1.9"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.7.2"
          },
          {
            "model": "rv220w",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.7.2"
          },
          {
            "model": "wrv200 wireless-g vpn router - rangebooster",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv320 dual gigabit wan vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wrvs4400n wireless-n gigabit security router - vpn v2.0",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "wrv210 wireless-g vpn router - rangebooster",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv042g dual gigabit wan vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv325 dual wan gigabit vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv082 dual wan vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv042 dual wan vpn router",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv110w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.310"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.26"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.19"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.030"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.02"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.6.6"
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0.7.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "BID",
            "id": "82024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6319"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv220w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco",
        "sources": [
          {
            "db": "BID",
            "id": "82024"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-6319",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-6319",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-00789",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-84280",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-6319",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-6319",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-6319",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-00789",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201601-654",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-84280",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6319"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. The Cisco RV220W is a wireless VPN firewall router product from Cisco Systems, USA. Cisco RV220W devices are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nThis issue is tracked by Cisco Bug ID CSCuv29574",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "BID",
            "id": "82024"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84280"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-6319",
            "trust": 3.4
          },
          {
            "db": "SECTRACK",
            "id": "1034830",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "82024",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-84280",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84280"
          },
          {
            "db": "BID",
            "id": "82024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6319"
          }
        ]
      },
      "id": "VAR-201601-0003",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84280"
          }
        ],
        "trust": 1.2658853222222222
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:31:32.149000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20160127-rv220",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"
          },
          {
            "title": "CiscoRV220WSQL Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/71083"
          },
          {
            "title": "Cisco RV220W SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59965"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-84280"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6319"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160127-rv220"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1034830"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6319"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6319"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84280"
          },
          {
            "db": "BID",
            "id": "82024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6319"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "VULHUB",
            "id": "VHN-84280"
          },
          {
            "db": "BID",
            "id": "82024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6319"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "date": "2016-01-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-84280"
          },
          {
            "date": "2016-01-27T00:00:00",
            "db": "BID",
            "id": "82024"
          },
          {
            "date": "2016-02-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "date": "2016-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          },
          {
            "date": "2016-01-27T22:59:00.100000",
            "db": "NVD",
            "id": "CVE-2015-6319"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "date": "2016-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-84280"
          },
          {
            "date": "2016-01-27T00:00:00",
            "db": "BID",
            "id": "82024"
          },
          {
            "date": "2016-02-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006879"
          },
          {
            "date": "2016-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-6319"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco RV220W SQL Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00789"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-654"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201411-0401

    Vulnerability from variot - Updated: 2025-04-13 23:21

    Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. Vendors have confirmed this vulnerability Bug ID CSCuh87145 It is released as.A third party could hijack the administrator's authentication. The Cisco RV router firmware is the Cisco RV180 Series VPN Router firmware. An attacker could exploit this vulnerability to hijack an administrator's authentication information. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected device. This issue is being tracked by Cisco Bug IDs CSCuh87145. are all products of Cisco (Cisco).


    Details

    https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html


    References

    [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177 [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178 [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179 [4] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0401",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv220w wireless network security firewall",
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv120w",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv120w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv120w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv220w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.10"
          },
          {
            "model": "rv180w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv220w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv120w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv120w wireless-n vpn firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.5.9"
          },
          {
            "model": "rv180 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180 vpn router",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.4.14"
          },
          {
            "model": "rv180w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.0.3.10"
          },
          {
            "model": "rv220w",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.0.5.8"
          },
          {
            "model": "rv220w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv180",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.3.10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2178"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv120w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv120w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv180",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv180_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv180w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv220w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv220w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Yorick Koster of Securify.",
        "sources": [
          {
            "db": "BID",
            "id": "70922"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-2178",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2014-2178",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-08200",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-70117",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-2178",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-2178",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-08200",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201411-100",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-70117",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2178"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. Vendors have confirmed this vulnerability Bug ID CSCuh87145 It is released as.A third party could hijack the administrator\u0027s authentication. The Cisco RV router firmware is the Cisco RV180 Series VPN Router firmware. An attacker could exploit this vulnerability to hijack an administrator\u0027s authentication information. \nExploiting this issue may allow a remote attacker to perform  certain actions in the context of an authorized user\u0027s session and gain unauthorized access to the affected device. \nThis issue is being tracked by Cisco Bug IDs CSCuh87145. are all products of Cisco (Cisco). \n\n------------------------------------------------------------------------\nDetails\n------------------------------------------------------------------------\nhttps://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html\n\n------------------------------------------------------------------------\nReferences\n------------------------------------------------------------------------\n[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177\n[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178\n[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179\n[4]\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2178"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "db": "BID",
            "id": "70922"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70117"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2178",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "128992",
            "trust": 1.2
          },
          {
            "db": "SECTRACK",
            "id": "1031171",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "70922",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-70117",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70117"
          },
          {
            "db": "BID",
            "id": "70922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2178"
          }
        ]
      },
      "id": "VAR-201411-0401",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70117"
          }
        ],
        "trust": 1.32253884
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:21:20.376000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20141105-rv",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
          },
          {
            "title": "36241",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36241"
          },
          {
            "title": "Patch for Cisco RV router firmware cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/51779"
          },
          {
            "title": "RV120W-Firmware-1.0.5.9",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54615"
          },
          {
            "title": "RV180W-Firmware-1.0.4.14",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54617"
          },
          {
            "title": "RV180-Firmware-1.0.4.14",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54616"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2178"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141105-rv"
          },
          {
            "trust": 1.5,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2178"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/nov/6"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/128992/cisco-rv-overwrite-csrf-command-execution.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1031171"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2178"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2177"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2177"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2179"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2179"
          },
          {
            "trust": 0.1,
            "url": "https://www.securify.nl/advisory/sfy20130601/cisco_rv_series_multiple_vulnerabilities.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2178"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70117"
          },
          {
            "db": "BID",
            "id": "70922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2178"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70117"
          },
          {
            "db": "BID",
            "id": "70922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2178"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "date": "2014-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70117"
          },
          {
            "date": "2014-11-05T00:00:00",
            "db": "BID",
            "id": "70922"
          },
          {
            "date": "2014-11-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "date": "2014-11-06T12:02:22",
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "date": "2014-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          },
          {
            "date": "2014-11-07T11:55:02.487000",
            "db": "NVD",
            "id": "CVE-2014-2178"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08200"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70117"
          },
          {
            "date": "2014-11-24T02:58:00",
            "db": "BID",
            "id": "70922"
          },
          {
            "date": "2015-12-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          },
          {
            "date": "2014-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-2178"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco RV Router Firmware management  Web Cross-site request forgery vulnerability in the interface",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005295"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-100"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201411-0402

    Vulnerability from variot - Updated: 2025-04-13 23:21

    The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. Vendors have confirmed this vulnerability Bug ID CSCuh86998 It is released as.Skillfully crafted by a third party HTTP A file may be uploaded to any location via a request. An attacker could exploit this vulnerability to upload arbitrary files. This issue is being tracked by Cisco Bug ID CSCuh86998. are all products of Cisco (Cisco).


    Details

    https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html


    References

    [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177 [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178 [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179 [4] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0402",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv220w wireless network security firewall",
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv120w",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv120w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv220w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.10"
          },
          {
            "model": "rv180w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv220w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv120w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv120w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv120w wireless-n vpn firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.5.9"
          },
          {
            "model": "rv180 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180 vpn router",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.4.14"
          },
          {
            "model": "rv180w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.0.3.10"
          },
          {
            "model": "rv220w",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.0.5.8"
          },
          {
            "model": "rv220w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv180",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.3.10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2179"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv120w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv120w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv180",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv180_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv180w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv220w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv220w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Yorick Koster of Securify",
        "sources": [
          {
            "db": "BID",
            "id": "70920"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-2179",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-2179",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-08189",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-70118",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-2179",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-2179",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-08189",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201411-101",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-70118",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2179"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. Vendors have confirmed this vulnerability Bug ID CSCuh86998 It is released as.Skillfully crafted by a third party HTTP A file may be uploaded to any location via a request. An attacker could exploit this vulnerability to upload arbitrary files. \nThis issue is being tracked by Cisco Bug ID CSCuh86998. are all products of Cisco (Cisco). \n\n------------------------------------------------------------------------\nDetails\n------------------------------------------------------------------------\nhttps://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html\n\n------------------------------------------------------------------------\nReferences\n------------------------------------------------------------------------\n[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177\n[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178\n[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179\n[4]\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "db": "BID",
            "id": "70920"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70118"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2179",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "128992",
            "trust": 1.2
          },
          {
            "db": "SECTRACK",
            "id": "1031171",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-101",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "70920",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-70118",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70118"
          },
          {
            "db": "BID",
            "id": "70920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2179"
          }
        ]
      },
      "id": "VAR-201411-0402",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70118"
          }
        ],
        "trust": 1.32253884
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:21:20.337000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20141105-rv",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
          },
          {
            "title": "36242",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36242"
          },
          {
            "title": "Cisco RV router firmware patch for arbitrary file upload vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/51780"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2179"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141105-rv"
          },
          {
            "trust": 1.5,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2179"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/nov/6"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/128992/cisco-rv-overwrite-csrf-command-execution.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1031171"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2179"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2177"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2177"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2179"
          },
          {
            "trust": 0.1,
            "url": "https://www.securify.nl/advisory/sfy20130601/cisco_rv_series_multiple_vulnerabilities.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2178"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2178"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70118"
          },
          {
            "db": "BID",
            "id": "70920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2179"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70118"
          },
          {
            "db": "BID",
            "id": "70920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2179"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "date": "2014-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70118"
          },
          {
            "date": "2014-11-05T00:00:00",
            "db": "BID",
            "id": "70920"
          },
          {
            "date": "2014-11-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "date": "2014-11-06T12:02:22",
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "date": "2014-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          },
          {
            "date": "2014-11-07T11:55:02.517000",
            "db": "NVD",
            "id": "CVE-2014-2179"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08189"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70118"
          },
          {
            "date": "2014-11-24T00:58:00",
            "db": "BID",
            "id": "70920"
          },
          {
            "date": "2014-11-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          },
          {
            "date": "2014-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-2179"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco RV Router Vulnerability in uploading files to arbitrary locations in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005296"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-101"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201411-0400

    Vulnerability from variot - Updated: 2025-04-13 23:21

    The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. The Cisco RV router firmware is the Cisco RV 180 Series VPN Router firmware. An attacker could exploit this vulnerability to execute arbitrary code. Multiple Cisco RV Series Routers are prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug ID CSCuh87126. Cisco RV120W Wireless-N VPN Firewall, etc. are all products of Cisco (Cisco).


    Details

    https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html


    References

    [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177 [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178 [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179 [4] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0400",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv220w wireless network security firewall",
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv120w",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv120w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv120w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.3.10"
          },
          {
            "model": "rv220w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv180w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv220w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv120w wireless-n vpn firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv120w wireless-n vpn firewall",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.5.9"
          },
          {
            "model": "rv180 vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180 vpn router",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "1.0.4.14"
          },
          {
            "model": "rv180w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.0.3.10"
          },
          {
            "model": "rv220w",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "\u003c=1.0.5.8"
          },
          {
            "model": "rv220w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.5.8"
          },
          {
            "model": "rv180",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "1.0.3.10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2177"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv120w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv120w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv180",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv180_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv180w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv220w",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv220w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Yorick Koster of Securify.",
        "sources": [
          {
            "db": "BID",
            "id": "70921"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-2177",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2014-2177",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2014-08188",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-70116",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-2177",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-2177",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-08188",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201411-099",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-70116",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2177"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. The Cisco RV router firmware is the Cisco RV 180 Series VPN Router firmware. An attacker could exploit this vulnerability to execute arbitrary code. Multiple Cisco RV Series Routers are prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. \nThis issue is being tracked by Cisco Bug ID CSCuh87126. Cisco RV120W Wireless-N VPN Firewall, etc. are all products of Cisco (Cisco). \n\n------------------------------------------------------------------------\nDetails\n------------------------------------------------------------------------\nhttps://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html\n\n------------------------------------------------------------------------\nReferences\n------------------------------------------------------------------------\n[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177\n[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178\n[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179\n[4]\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2177"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "db": "BID",
            "id": "70921"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70116"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2177",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "128992",
            "trust": 1.2
          },
          {
            "db": "SECTRACK",
            "id": "1031171",
            "trust": 1.1
          },
          {
            "db": "BID",
            "id": "70921",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-70116",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70116"
          },
          {
            "db": "BID",
            "id": "70921"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2177"
          }
        ]
      },
      "id": "VAR-201411-0400",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70116"
          }
        ],
        "trust": 1.32253884
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:21:20.290000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20141105-rv",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
          },
          {
            "title": "36240",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36240"
          },
          {
            "title": "Cisco RV router firmware patch for arbitrary code execution vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/51777"
          },
          {
            "title": "RV120W-Firmware-1.0.5.9",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54615"
          },
          {
            "title": "RV180W-Firmware-1.0.4.14",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54617"
          },
          {
            "title": "RV180-Firmware-1.0.4.14",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54616"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-70116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2177"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141105-rv"
          },
          {
            "trust": 1.5,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2177"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/nov/6"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/128992/cisco-rv-overwrite-csrf-command-execution.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1031171"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2177"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/70921/"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2177"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2179"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2179"
          },
          {
            "trust": 0.1,
            "url": "https://www.securify.nl/advisory/sfy20130601/cisco_rv_series_multiple_vulnerabilities.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2178"
          },
          {
            "trust": 0.1,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2178"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70116"
          },
          {
            "db": "BID",
            "id": "70921"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2177"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-70116"
          },
          {
            "db": "BID",
            "id": "70921"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2177"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "date": "2014-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70116"
          },
          {
            "date": "2014-11-05T00:00:00",
            "db": "BID",
            "id": "70921"
          },
          {
            "date": "2014-11-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "date": "2014-11-06T12:02:22",
            "db": "PACKETSTORM",
            "id": "128992"
          },
          {
            "date": "2014-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          },
          {
            "date": "2014-11-07T11:55:02.407000",
            "db": "NVD",
            "id": "CVE-2014-2177"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08188"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-70116"
          },
          {
            "date": "2014-11-24T00:58:00",
            "db": "BID",
            "id": "70921"
          },
          {
            "date": "2014-11-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          },
          {
            "date": "2014-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-2177"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco RV Router Firmware  network-diagnostics An arbitrary command execution vulnerability in the management interface",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005294"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-099"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0356

    Vulnerability from variot - Updated: 2024-11-23 22:06

    A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. The Cisco RV180WWireless-NMultifunctionVPNRouter is a versatile VPN router device. A directory traversal vulnerability exists in the CiscoRV180WWireless-NMultifunctionVPNRouterWEB framework. There are currently no detailed details of the vulnerability provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0356",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rv180w wireless-n multifunction vpn router",
            "scope": null,
            "trust": 1.4,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv220w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv180w",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "rv220w wireless network security firewall",
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "small business rv series rv220w wireless network security firewall",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0405"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:cisco:rv180w_vpn_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:cisco:rv220w_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          }
        ]
      },
      "cve": "CVE-2018-0405",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-0405",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-21256",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-118607",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-0405",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0405",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-0405",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21256",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-224",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-118607",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118607"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-224"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0405"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. The Cisco RV180WWireless-NMultifunctionVPNRouter is a versatile VPN router device. A directory traversal vulnerability exists in the CiscoRV180WWireless-NMultifunctionVPNRouterWEB framework. There are currently no detailed details of the vulnerability provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118607"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0405",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-224",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-118607",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118607"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-224"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0405"
          }
        ]
      },
      "id": "VAR-201810-0356",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118607"
          }
        ],
        "trust": 1.4516339999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:35.977000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Cisco RV180W Wireless-N Multifunction VPN Router",
            "trust": 0.8,
            "url": "https://www.cisco.com/c/en/us/products/routers/rv180w-wireless-n-multifunction-vpn-router/index.html"
          },
          {
            "title": "Cisco RV220W Wireless Network Security Firewall",
            "trust": 0.8,
            "url": "https://www.cisco.com/c/en/us/products/routers/rv220w-wireless-network-security-firewall/index.html"
          },
          {
            "title": "CiscoRV180WWireless-NMultifunctionVPNRouterWEB Framework Directory Traversal Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/142807"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-118607"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0405"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/cscvk28019"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0405"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0405"
          },
          {
            "trust": 0.6,
            "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/cscvk27179"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118607"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-224"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0405"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-118607"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-224"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0405"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118607"
          },
          {
            "date": "2019-03-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "date": "2018-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-224"
          },
          {
            "date": "2018-10-05T17:29:00.277000",
            "db": "NVD",
            "id": "CVE-2018-0405"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21256"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-118607"
          },
          {
            "date": "2019-03-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-224"
          },
          {
            "date": "2024-11-21T03:38:09.590000",
            "db": "NVD",
            "id": "CVE-2018-0405"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-224"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco RV180W Wireless-N Multifunction VPN Router and  Small Business RV Series RV220W Wireless Network Security Firewall Path traversal vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014254"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-224"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2014-2179 (GCVE-0-2014-2179)

    Vulnerability from nvd – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
    VLAI
    Summary
    The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:05:59.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
              },
              {
                "name": "cisco-cve20142179-file-upload(98499)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
              },
              {
                "name": "1031171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            },
            {
              "name": "cisco-cve20142179-file-upload(98499)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
            },
            {
              "name": "1031171",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1031171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2014-2179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
                },
                {
                  "name": "cisco-cve20142179-file-upload(98499)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
                },
                {
                  "name": "1031171",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1031171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2014-2179",
        "datePublished": "2014-11-07T11:00:00.000Z",
        "dateReserved": "2014-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:05:59.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2178 (GCVE-0-2014-2178)

    Vulnerability from nvd – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:05:59.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
              },
              {
                "name": "cisco-cve20142178-csrf(98498)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
              },
              {
                "name": "1031171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "cisco-cve20142178-csrf(98498)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            },
            {
              "name": "1031171",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1031171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2014-2178",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
                },
                {
                  "name": "cisco-cve20142178-csrf(98498)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
                },
                {
                  "name": "1031171",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1031171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2014-2178",
        "datePublished": "2014-11-07T11:00:00.000Z",
        "dateReserved": "2014-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:05:59.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2177 (GCVE-0-2014-2177)

    Vulnerability from nvd – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
    VLAI
    Summary
    The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:05:59.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
              },
              {
                "name": "cisco-cve20142177-command-exec(98497)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
              },
              {
                "name": "1031171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "cisco-cve20142177-command-exec(98497)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            },
            {
              "name": "1031171",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1031171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2014-2177",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
                },
                {
                  "name": "cisco-cve20142177-command-exec(98497)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
                },
                {
                  "name": "1031171",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1031171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2014-2177",
        "datePublished": "2014-11-07T11:00:00.000Z",
        "dateReserved": "2014-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:05:59.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2179 (GCVE-0-2014-2179)

    Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
    VLAI
    Summary
    The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:05:59.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
              },
              {
                "name": "cisco-cve20142179-file-upload(98499)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
              },
              {
                "name": "1031171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            },
            {
              "name": "cisco-cve20142179-file-upload(98499)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
            },
            {
              "name": "1031171",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1031171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2014-2179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
                },
                {
                  "name": "cisco-cve20142179-file-upload(98499)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
                },
                {
                  "name": "1031171",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1031171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2014-2179",
        "datePublished": "2014-11-07T11:00:00.000Z",
        "dateReserved": "2014-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:05:59.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2178 (GCVE-0-2014-2178)

    Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:05:59.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
              },
              {
                "name": "cisco-cve20142178-csrf(98498)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
              },
              {
                "name": "1031171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "cisco-cve20142178-csrf(98498)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            },
            {
              "name": "1031171",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1031171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2014-2178",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
                },
                {
                  "name": "cisco-cve20142178-csrf(98498)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
                },
                {
                  "name": "1031171",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1031171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2014-2178",
        "datePublished": "2014-11-07T11:00:00.000Z",
        "dateReserved": "2014-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:05:59.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2177 (GCVE-0-2014-2177)

    Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05
    VLAI
    Summary
    The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:05:59.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
              },
              {
                "name": "cisco-cve20142177-command-exec(98497)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
              },
              {
                "name": "20141106 Cisco RV Series multiple vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
              },
              {
                "name": "1031171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1031171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "cisco-cve20142177-command-exec(98497)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            },
            {
              "name": "1031171",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1031171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2014-2177",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
                },
                {
                  "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
                },
                {
                  "name": "cisco-cve20142177-command-exec(98497)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
                },
                {
                  "name": "20141106 Cisco RV Series multiple vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
                },
                {
                  "name": "1031171",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1031171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2014-2177",
        "datePublished": "2014-11-07T11:00:00.000Z",
        "dateReserved": "2014-02-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:05:59.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }