CVE-2018-0125
Published 2018-02-08
CVE-2018-0125: A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote…
Priority P193 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability, due 2022-04-15
Exploited in the wild
EPSS: 54.76% (98.9th percentile)
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | rv132w_and_rv134w | — | — |
| cisco | rv132w_firmware | — | — |
| cisco | rv134w_firmware | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector is a crafted HTTP request to the web interface of the affected device; monitor for anomalous or malformed HTTP requests targeting Cisco RV132W and RV134W router web interfaces.
- The vulnerability is triggered via incomplete input validation on user-controlled input in an HTTP request; look for oversized or unexpected parameter values in HTTP POST/GET requests to the device management interface.
- Successful exploitation results in command execution as root or device reload; monitor for unexpected reboots or root-level process spawning on Cisco RV132W/RV134W devices.
- Attack is unauthenticated and remote; no credentials required. Flag any unauthenticated sessions interacting with the web management interface of RV132W or RV134W devices.
- Vulnerability affects Cisco RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router; fixed in firmware version 1.0.1.11. Devices running earlier firmware are vulnerable.
- No workarounds exist for this vulnerability; patching to firmware 1.0.1.11 is the only remediation.
- Tracked under Cisco Bug IDs CSCvg92737 and CSCvh60170; use these identifiers when querying Cisco's bug tracker or PSIRT for additional technical detail.
CVSS provenance
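| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |
| vendor_cisco | | 9.8 | CRITICAL | |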
CISA
Cisco VPN Routers Remote Code Execution Vulnerability
cisa · 2022-03-25 · CVSS 9.8
CVE-2018-0125 [CRITICAL] CWE-20 Cisco VPN Routers Remote Code Execution Vulnerability
Vulnerability: Cisco VPN Routers Remote Code Execution Vulnerability
Affected: Cisco VPN Routers
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-0125
Remediation Due Date: 2022-04-15
Cisco
Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability
vendor_cisco · 2018-02-08 · CVSS 9.8
CVE-2018-0125 [CRITICAL] CWE-20 Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition.
The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user
Cisco
Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability
vendor_cisco · CVSS 3.0
CVE-2018-0125 Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as t
GHSA
GHSA-4g9c-v6g6-3jgm: A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated
ghsa_unreviewed · 2022-05-13
CVE-2018-0125 [CRITICAL] CWE-20 GHSA-4g9c-v6g6-3jgm: A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a D
VulnCheck
Cisco VPN Routers Remote Code Execution Vulnerability
vulncheck · 2018 · CVSS 9.8
CVE-2018-0125 [CRITICAL] CWE-20 Cisco VPN Routers Remote Code Execution Vulnerability
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.
Affected: Cisco VPN Routers
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://securityaffairs.co/wordpress/139821/security/cisco-old-vulnerabilities-exploitation.html; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-04-02&host_type=src&vulnerability=cve-2018-0125
Remediation Due: 2022-04-15
No detection rules found.
No public exploits indexed.
- http://www.securityfocus.com/bid/103140
- http://www.securitytracker.com/id/1040336
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0125
2018-02-08: Published
2022-03-25: Added to CISA KEV
Exploited in the wild