cbcvebase.
CVE-2018-0125
published 2018-02-08

CVE-2018-0125: A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote…

PriorityP193critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-04-15
Exploited in the wild
EPSS
54.76%
98.9th percentile
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscorv132w_and_rv134w
ciscorv132w_firmware
ciscorv134w_firmware

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector is a crafted HTTP request to the web interface of the affected device; monitor for anomalous or malformed HTTP requests targeting Cisco RV132W and RV134W router web interfaces
  • The vulnerability is triggered via incomplete input validation on user-controlled input in an HTTP request; look for oversized or unexpected parameter values in HTTP POST/GET requests to the device management interface
  • Successful exploitation results in command execution as root or device reload; monitor for unexpected reboots or root-level process spawning on Cisco RV132W/RV134W devices
  • Attack is unauthenticated and remote; no credentials required — flag any unauthenticated sessions interacting with the web management interface of RV132W or RV134W devices
  • ·Vulnerability affects Cisco RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router; fixed in firmware version 1.0.1.11 — devices running earlier firmware are vulnerable
  • ·No workarounds exist for this vulnerability; patching to firmware 1.0.1.11 is the only remediation
  • ·Tracked under Cisco Bug IDs CSCvg92737 and CSCvh60170 — use these identifiers when querying Cisco's bug tracker or PSIRT for additional technical detail

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck9.8CRITICAL
cisa9.8CRITICAL
vendor_cisco9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.