Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0683Cisco Cvr100w Firmware vulnerability

CWE-2555 documents5 sources
Severity
10.0CRITICALNVD
EPSS
29.4%
top 3.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Cisco Cvr100w FirmwareCisco Rv110w FirmwareCisco Rv215w Firmware
Timeline
PublishedMar 6
Latest updateMay 14

Description

The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-7xqw-8r6g-8v75: The web management interface on the Cisco RV110W firewall with firmware 12022-05-14
CVEList
CVE-2014-0683: The web management interface on the Cisco RV110W firewall with firmware 12014-03-06

💥Exploits & PoCs

1
Exploit-DB
Cisco RV110W - Password Disclosure / Command Execution2018-12-14

📋Vendor Advisories

1
Cisco
Cisco Small Business Router Password Disclosure Vulnerability2014-03-05
CVE-2014-0683 — Cisco Cvr100w Firmware vulnerability | cvebase