CVE-2019-1898
published 2019-06-20

Priority: P3 · 54 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 40.95% (98.5th percentile)

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_rv130w_wireless-n_multifunction_vpn_router_firmware | >= unspecified < 1.0.3.51 | 1.0.3.51 |
| cisco | rv110w_rv130w_and_rv215w_routers_unauthenticated_syslog_file_access | | |

Detection & IOCs (extracted from sources)

  • path: /_syslog.txt
  • other: http.favicon.hash:"-646322113"
  • other: icon_hash="-646322113"
  • HTTP GET/POST request to /_syslog.txt without authentication; response with HTTP 200, Content-Type application/octet-stream, and body containing 'ethernet' and 'connection' indicates successful exploitation.
  • Unauthenticated HTTP request directly to the syslog URL path is the exploit vector; no credentials or session token required.
  • The vulnerability affects Cisco RV110W, RV130W, and RV215W routers. Cisco Bug IDs CSCvo65034, CSCvo65037, and CSCvo65038 correspond to each model respectively.
  • There are no workarounds available for this vulnerability; patching via firmware update is the only remediation.
  • The syslog file exposed contains sensitive operational data including DHCP logs, PPTP logs, login attempts, connected device MAC/IP addresses, and enabled features.

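CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_cisco | | 5.3 | MEDIUM | |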