CVE-2018-0426 — Path Traversal in Cisco Rv130w Firmware

CWE-22 — Path Traversal4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

9.7%

top 7.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv130w Firmware Cisco Rv110w Firmware Cisco Rv215w Firmware +1 more

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targete…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5cisco/cisco_rv130w_wireless-n_multifunction_vpn_router_firmwaren/a

▶NVDcisco/rv130w_firmware< 1.0.3.44

▶NVDcisco/rv110w_firmware1.2.1.7

▶NVDcisco/rv215w_firmware1.3.0.8

🔴Vulnerability Details

GHSA

GHSA-6fjh-4256-cjjm: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, a↗2022-05-13

▶

CVEList

Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability↗2018-09-05

▶