CVE-2014-0683
published 2014-03-06

Priority: P2 · 64 · critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 10.35% (95.1th percentile)
The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cvr100w_firmware | <= 1.0.1.19 | |
| cisco | rv110w_firmware | <= 1.2.0.9 | |
| cisco | rv215w_firmware | <= 1.1.0.5 | |
| cisco | small_business_router_password | | |

Detection & IOCs

url: https://<IP>:<PORT>/login.cgi
url: https://<IP>:<PORT>/apply.cgi;session_id=<session_id>
cookie: SessionID=
command: ping_times=3 |<CMD>|
path: /login.cgi
path: /apply.cgi
  • Flag POST requests to '/apply.cgi' where the 'ping_times' parameter contains shell metacharacters such as '|', which is the OS command injection vector used in this exploit chain.
  • Alert on POST requests to '/apply.cgi' with submit_button=Diagnostics and change_action=gozila_cgi, as these parameters are used to trigger the command execution path on affected Cisco RV110W devices.
  • Monitor for authentication requests that are intercepted and resubmitted (replay attack pattern) against the web management interface of Cisco RV110W, RV215W, and CVR100W devices.
  • The exploit was tested on firmware version 1.1.0.9 of the RV110W; the password disclosure via the index page may behave differently on 1.2.0.9 or later versions.
  • Affected firmware versions are: RV110W ≤1.2.0.9, RV215W ≤1.1.0.5, CVR100W ≤1.0.1.19. Devices running these versions expose admin credentials unauthenticated.
  • There are no known workarounds; only vendor-supplied firmware updates remediate this vulnerability.
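
The three detection rules above, applied to decoded HTTP requests, as an added example that is not part of the original entry or any vendor tooling. It assumes the requests are already decrypted (the interface is HTTPS), and the rule names, the metacharacter set, the login field names and the "same login body from a second source" replay heuristic are assumptions of this sketch; all sample requests are constructed.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Characters a numeric ping count never needs; the exact set is an assumption.
SHELL_META = re.compile(r"[|;&`$<>(){}\\\n]")

def normalize_path(target):
    """Drop the query string and any ';session_id=...' path parameter."""
    return urlsplit(target).path.split(";", 1)[0]

def inspect(method, target, body, src_ip, seen_logins):
    """Return the rule names a single decoded HTTP request triggers."""
    hits = []
    if method.upper() != "POST":
        return hits
    path = normalize_path(target)
    form = parse_qs(body, keep_blank_values=True)  # also URL-decodes values
    if path == "/apply.cgi":
        if any(SHELL_META.search(v) for v in form.get("ping_times", [])):
            hits.append("ping_times_metachar")
        if (form.get("submit_button") == ["Diagnostics"]
                and form.get("change_action") == ["gozila_cgi"]):
            hits.append("diagnostics_gozila")
    elif path == "/login.cgi":
        # Replay heuristic (assumption): identical login body from a second source.
        digest = hashlib.sha256(body.encode()).hexdigest()
        first_src = seen_logins.setdefault(digest, src_ip)
        if first_src != src_ip:
            hits.append("login_body_replayed")
    return hits

# Constructed sample requests: (method, target, body, source IP).
SAMPLES = [
    ("POST", "/login.cgi", "user=admin&pwd=0f1e2d", "192.0.2.10"),
    ("POST", "/apply.cgi;session_id=abc123",
     "submit_button=Diagnostics&change_action=gozila_cgi&ping_times=3", "192.0.2.10"),
    ("POST", "/apply.cgi;session_id=abc123",
     "submit_button=Diagnostics&change_action=gozila_cgi&ping_times=3+%7CCMD%7C", "198.51.100.7"),
    ("POST", "/login.cgi", "user=admin&pwd=0f1e2d", "198.51.100.7"),
]

def run(samples):
    seen = {}  # login body digest -> first source IP
    return [inspect(m, t, b, ip, seen) for m, t, b, ip in samples]

if __name__ == "__main__":
    for sample, hits in zip(SAMPLES, run(SAMPLES)):
        print(sample[1], hits)
```

The path is normalized before matching because the session identifier travels as a `;session_id=` path parameter, so an exact string match on the raw request target would miss `/apply.cgi`.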

CVSS provenance

nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco · 10.0 · CRITICAL