CVE-2020-3150Improper Authorization in Cisco Rv110w Firmware

CWE-285Improper AuthorizationCWE-863Incorrect Authorization4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 43.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Rv110w FirmwareCisco Rv215w FirmwareCisco Rv110w Wireless-n VPN Firewall Firmware
Timeline
PublishedJul 16
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a spec

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

NVDcisco/rv110w_firmware< 1.2.2.8
NVDcisco/rv215w_firmware< 1.3.1.7

🔴Vulnerability Details

2
GHSA
GHSA-4qp8-g498-pjrc: A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote2022-05-24
CVEList
Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability2020-07-16

📋Vendor Advisories

1
Cisco
Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability2020-07-15
CVE-2020-3150 — Improper Authorization in Cisco | cvebase