CVE-2018-0425 — Sensitive Information Exposure in Cisco Rv130w Firmware

CWE-200 — Sensitive Information Exposure CWE-269 — Improper Privilege Management4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

8.1%

top 7.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv130w Firmware Cisco Rv110w Firmware Cisco Rv215w Firmware +1 more

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit c…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5cisco/cisco_rv130w_wireless-n_multifunction_vpn_router_firmwaren/a

▶NVDcisco/rv130w_firmware< 1.0.3.44

▶NVDcisco/rv110w_firmware1.2.1.7

▶NVDcisco/rv215w_firmware1.3.0.8

🔴Vulnerability Details

GHSA

GHSA-x88p-8c69-vxf4: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, a↗2022-05-13

▶

CVEList

Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability↗2018-09-05

▶