CVE-2018-0127
published 2018-02-08

Priority: P1 · 92 · critical
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Flags: ITW · EXPLOIT · VulnCheck KEV (exploited in the wild)
EPSS: 77.75% (99.5th percentile)
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.

Affected (5 ranges)

Vendor | Product | Version range | Fixed in
cisco | rv132w_and_rv134w_wireless_vpn_routers_unauthenticated | |
cisco | rv132w_firmware | |
cisco | rv132w_firmware | |
cisco | rv134w_firmware | |
cisco | rv134w_firmware | |

Detection & IOCs (extracted from sources)

URL: /dumpmdm.cmd
  • Send an unauthenticated HTTP GET request for /dumpmdm.cmd to the device; a vulnerable device returns HTTP 200 with a response body containing all four strings 'Dump', 'MDM', 'cisco' and 'admin'.
  • The vulnerability is exploitable with no authentication: an attacker only needs to send an HTTP GET request to the affected endpoint and inspect the response for configuration parameters, including the administrator password.
  • The vulnerability affects Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers. The unauthenticated disclosure endpoint is one of the web interface pages that require no user authentication.
  • There are no workarounds for this vulnerability; the only remediation is applying the latest firmware update from Cisco.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck | | 9.8 | CRITICAL |
vendor_cisco | | 5.9 | MEDIUM |