CVE-2019-1898
published 2019-06-20CVE-2019-1898: A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the…
PriorityP354medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
40.95%
98.5th percentile
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_rv130w_wireless-n_multifunction_vpn_router_firmware | >= unspecified < 1.0.3.51 | 1.0.3.51 |
| cisco | rv110w_rv130w_and_rv215w_routers_unauthenticated_syslog_file_access | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →HTTP GET/POST request to /_syslog.txt without authentication; response with HTTP 200, Content-Type application/octet-stream, and body containing 'ethernet' and 'connection' indicates successful exploitation.
- →Unauthenticated HTTP request directly to the syslog URL path is the exploit vector; no credentials or session token required. ↗
- ·The vulnerability affects Cisco RV110W, RV130W, and RV215W routers. Cisco Bug IDs CSCvo65034, CSCvo65037, and CSCvo65038 correspond to each model respectively. ↗
- ·There are no workarounds available for this vulnerability; patching via firmware update is the only remediation. ↗
- ·The syslog file exposed contains sensitive operational data including DHCP logs, PPTP logs, login attempts, connected device MAC/IP addresses, and enabled features. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_cisco5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m4rm-wc9j-7vx7: A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to a
ghsa_unreviewed·2022-05-24
CVE-2019-1898 [MEDIUM] GHSA-m4rm-wc9j-7vx7: A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to a
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
Cisco
Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
vendor_cisco·2019-06-19·CVSS 5.3
CVE-2019-1898 [MEDIUM] CWE-425 Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device.
The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess
Cisco
Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-1898 Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
CVE-2019-1898: Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. There are no
CVSS: 3.0
CWE: CWE-425, CWE-425
Bug IDs: CSCvo65034, CSCvo65037, CSCvo65038
No detection rules found.
Nuclei
Cisco RV110W RV130W RV215W Router - Information leakage
nuclei·CVSS 5.3
CVE-2019-1898 [MEDIUM] Cisco RV110W RV130W RV215W Router - Information leakage
Cisco RV110W RV130W RV215W Router - Information leakage
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
Template:
id: CVE-2019-1898
info:
name: Cisco RV110W RV130W RV215W Router - Information leakage
author: SleepingBag945
severity: medium
description: |
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote atta
http://www.securityfocus.com/bid/108865https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccesshttps://www.tenable.com/security/research/tra-2019-29http://www.securityfocus.com/bid/108865https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccesshttps://www.tenable.com/security/research/tra-2019-29
2019-06-20
Published