Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-1663 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Rv110w Wireless-n VPN Firewall
Severity
9.8CRITICALNVD
EPSS
88.4%
top 0.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedFeb 28
Latest updateMay 13
Description
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A su…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
🔴Vulnerability Details
3GHSA▶
GHSA-p7c3-96fj-v9cf: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, a↗2022-05-13
CVEList▶
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability↗2019-02-28
VulnCheck
▶
💥Exploits & PoCs
3📋Vendor Advisories
1Cisco▶
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability↗2019-02-27
🕵️Threat Intelligence
1Tenable▶
Management Interfaces in Three Models of Cisco Networking Devices Are Vulnerable to RCE Attacks↗2019-02-27