CVE-2014-2178 — Cross-Site Request Forgery in Cisco Rv120w Firmware

CWE-352 — Cross-Site Request Forgery CWE-20 — Improper Input Validation CWE-2645 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 44.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv120w Firmware Cisco Rv180 Firmware Cisco Rv220w Firmware

Timeline

PublishedNov 7

Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDcisco/rv180_firmware1.0.3.10

▶NVDcisco/rv120w_firmware1.0.5.8

▶NVDcisco/rv220w_firmware1.0.5.8

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-x77r-9j3c-w6wj: Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1↗2022-05-14

▶

CVEList

CVE-2014-2178: Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1↗2014-11-07

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Small Business RV Series Routers↗2014-11-06

▶

Cisco

Cisco Small Business RV Series Routers HTTP Referer Header Vulnerability↗2014-11-05

▶