CVE-2018-0423
Published 2018-10-05
Priority: P354, high. CVSS 3.0: 8.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.77% (93.2th percentile)
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_rv130w_wireless-n_multifunction_vpn_router_firmware | — | — |
| cisco | rv110w_rv130w_and_rv215w_routers | — | — |
CVSS provenance
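| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 9.8 | CRITICAL | — |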
Cisco
Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability
vendor_cisco·2018-09-05·CVSS 9.8
CVE-2018-0423 [CRITICAL] CWE-119 Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability
GHSA
GHSA-3r77-vxv8-f245: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, a
ghsa_unreviewed·2022-05-13
CVE-2018-0423 [HIGH] CWE-119 GHSA-3r77-vxv8-f245: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, a
No detection rules found.
No public exploits indexed.
Tenable
Cisco Critical Advisories for September Includes Patch for Struts Vulnerability
blogs_tenable·2018-09-05·CVSS 8.1
CVE-2018-11776 [HIGH] Cisco Critical Advisories for September Includes Patch for Struts Vulnerability
# Cisco Critical Advisories for September Includes Patch for Struts Vulnerability
Satnam Narang
September 5, 2018
Cisco has released advisories for 29 issues, including three critical vulnerabilities. The update also includes a patch for CVE-2018-11776 in Apache Struts.
### Background
On Wednesday, September 5, Cisco released security advisories for 29 issues, rating three of them as critical. One of these critical vulnerabilities is the Apache Struts vulnerability (CVE-2018-11776) that we wrote about last month. The other two critical vulnerabilities affect Cisco’s Umbrella API (CVE-2018-0435) and several Cisco wireless VPN devices (CVE-2018-0423).
### Vulnerability details
While exploitation of the Struts vulnerability is the sam
References
http://www.securityfocus.com/bid/105285
http://www.securitytracker.com/id/1041675
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow