Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1898Improper Authorization in Cisco Rv130w Wireless-n Multifunction VPN Router Firmware

CWE-285Improper AuthorizationCWE-425Forced Browsing5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
78.7%
top 0.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco Rv130w Wireless-n Multifunction VPN Router Firmware
Timeline
PublishedJun 20
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-m4rm-wc9j-7vx7: A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to a2022-05-24
CVEList
Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability2019-06-20

💥Exploits & PoCs

1
Nuclei
Cisco RV110W RV130W RV215W Router - Information leakage

📋Vendor Advisories

1
Cisco
Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability2019-06-19
CVE-2019-1898 — Improper Authorization in Cisco | cvebase