⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.

CVE-2019-1653: Improper Access Control in Cisco Small Business RV Series Router Firmware

Severity: 7.5 HIGH (NVD)
EPSS: 94.4% (top 0.03%)
CISA KEV: Added 2021-11-03 | Due 2022-05-03
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Jan 24 | KEV added Nov 3 | KEV due May 3 | Latest update May 13

Description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnos

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD | cisco/rv320_firmware | 1.4.2.15, 1.4.2.17 +1
NVD | cisco/rv325_firmware | 1.4.2.15, 1.4.2.17 +1

🔴 Vulnerability Details (3)

GHSA | GHSA-j8w2-wx5p-fvx4: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthentica | 2022-05-13
CVEList | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | 2019-01-24
VulnCheck | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | 2019

💥 Exploits & PoCs (5)

Exploit-DB | Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit) | 2019-04-03
Exploit-DB | Cisco RV300 / RV320 - Information Disclosure | 2019-01-28
Metasploit | Cisco RV320 and RV325 Unauthenticated Remote Code Execution
Nuclei | Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
Nuclei | PilusCart <=1.4.1 - Local File Inclusion

🔍 Detection Rules (5)

Suricata | ET EXPLOIT Cisco RV320/RV325 RCE (CVE-2019-1653) | 2021-10-28
Suricata | ET EXPLOIT Successful Cisco RV320/RV325 Debug Dump Disclosure (CVE-2019-1653) | 2021-06-04
Suricata | ET EXPLOIT Successful Cisco RV320/RV325 Config Disclosure (CVE-2019-1653) | 2021-06-04
Suricata | ET EXPLOIT Cisco RV320/RV325 Config Disclosure Attempt Inbound (CVE-2019-1653) | 2021-06-04
Suricata | ET EXPLOIT Cisco RV320/RV325 Debug Dump Disclosure Attempt Inbound (CVE-2019-1653) | 2021-06-04

📋 Vendor Advisories (2)

CISA | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | 2021-11-03
Cisco | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | 2019-01-23

🕵️ Threat Intelligence (1)

Tenable | Cisco Fixes Incomplete Patch for RV320 and RV325 Routers, Including Two New Bugs (CVE-2019-1827, CVE-2019-1828) | 2019-04-04