CVE-2020-3269 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Rv110w Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGHNVD

EPSS

1.1%

top 22.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv110w Firmware Cisco Rv130 Firmware Cisco Rv130w Firmware +2 more

Timeline

PublishedJun 18

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶NVDcisco/rv130w_firmware1.0.3.54

▶CVEListV5cisco/cisco_rv130w_wireless-n_multifunction_vpn_router_firmwaren/a

▶NVDcisco/rv130_firmware1.0.3.54

▶NVDcisco/rv110w_firmware1.2.2.5

▶NVDcisco/rv215w_firmware1.3.1.5

🔴Vulnerability Details

GHSA

GHSA-h3jv-v796-vm2h: Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated,↗2022-05-24

▶

CVEList

Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Management Interface Vulnerabilities↗2020-06-18

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Management Interface Vulnerabilities↗2020-06-17

▶