CVE-2018-0424 — Command Injection in Cisco Rv130w Firmware

CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.8%

top 25.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv130w Firmware Cisco Rv110w Firmware Cisco Rv215w Firmware +1 more

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful expl…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5cisco/cisco_rv130w_wireless-n_multifunction_vpn_router_firmwaren/a

▶NVDcisco/rv130w_firmware< 1.0.3.44

▶NVDcisco/rv110w_firmware1.2.1.7

▶NVDcisco/rv215w_firmware1.3.0.8

🔴Vulnerability Details

GHSA

GHSA-mm33-w43h-6m3f: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, a↗2022-05-13

▶

CVEList

Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability↗2018-09-05

▶