Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0127Sensitive Information Exposure in Cisco Rv132w Firmware

CWE-200Sensitive Information ExposureCWE-306Missing Authentication for Critical Function6 documents6 sources
Severity
9.8CRITICALNVD
EPSS
91.5%
top 0.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Cisco Rv132w FirmwareCisco Rv134w Firmware
Timeline
PublishedFeb 8
Latest updateMay 13

Description

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDcisco/rv132w_firmware1.0.0.1, 1.0.1.8+1
NVDcisco/rv134w_firmware1.0.0.1, 1.0.1.8+1

🔴Vulnerability Details

3
GHSA
GHSA-3368-gx38-c6qj: A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unaut2022-05-13
CVEList
CVE-2018-0127: A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unaut2018-02-08
VulnCheck
Cisco RV Series Routers Exposure of Sensitive Information to an Unauthorized Actor2018

💥Exploits & PoCs

1
Nuclei
Cisco RV132W/RV134W Router - Information Disclosure

📋Vendor Advisories

1
Cisco
Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerability2018-02-08
CVE-2018-0127 — Sensitive Information Exposure in Cisco | cvebase