CVE-2015-6319 — SQL Injection in Cisco RV Series Router Firmware

CWE-89 — SQL Injection CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco RV Series Router Firmware SUN Opensolaris

Timeline

PublishedJan 27

Latest updateMay 17

Description

SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/rv_series_router_firmware12 versions+11

▶NVDsun/opensolarissnv_124

🔴Vulnerability Details

GHSA

GHSA-gvrr-f66h-397r: SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands vi↗2022-05-17

▶

CVEList

CVE-2015-6319: SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands vi↗2016-01-27

▶

📋Vendor Advisories

Cisco

Cisco RV220W Management Authentication Bypass Vulnerability↗2016-01-28

▶