⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-17. Required action: Apply updates per vendor instructions.

CVE-2019-1652: Improper Input Validation in Cisco RV320 Firmware

Severity: 7.2 HIGH (NVD)
EPSS: 93.0% (top 0.21%)
CISA KEV: Added 2022-03-03, due 2022-03-17
Exploit: Exploited in wild (active exploitation observed)

Timeline
Published: Jan 24
KEV added: Mar 3
KEV due: Mar 17
Latest update: May 13

Description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could al

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (3 packages)

NVD | cisco/rv320_firmware | 1.4.2.15 | 1.4.2.22
NVD | cisco/rv325_firmware | 1.4.2.15 | 1.4.2.22

🔴 Vulnerability Details (3)

GHSA: GHSA-73jm-6x85-hwg5: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticate (2022-05-13)
CVEList: Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability (2019-01-24)
VulnCheck: Cisco Small Business Routers Improper Input Validation Vulnerability (2019)

💥 Exploits & PoCs (3)

Exploit-DB: Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit) (2019-04-03)
Exploit-DB: Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection (2019-01-25)
Metasploit: Cisco RV320 and RV325 Unauthenticated Remote Code Execution

🔍 Detection Rules (2)

Suricata: ET EXPLOIT Cisco RV320/RV325 Command Injection Attempt Inbound (CVE-2019-1652) (2021-06-04)
Suricata: ET EXPLOIT Possible Cisco RV320 RCE Attempt (CVE-2019-1652) (2019-01-29)

📋 Vendor Advisories (2)

CISA: Cisco Small Business Routers Improper Input Validation Vulnerability (2022-03-03)
Cisco: Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability (2019-01-23)

🕵️ Threat Intelligence (1)

Tenable: Cisco Fixes Incomplete Patch for RV320 and RV325 Routers, Including Two New Bugs (CVE-2019-1827, CVE-2019-1828) (2019-04-04)