CVE-2020-3330
Published: 2020-07-16
Priority: P267 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.44% (87.5th percentile)
A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_rv110w_wireless-n_vpn_firewall_firmware | — | — |
| cisco | rv110w_wireless-n_vpn_firewall_firmware | < 1.2.2.8 | 1.2.2.8 |
| cisco | small_business_rv110w_wireless-n_vpn_firewall_static_default_credential | — | — |
Detection & IOCs (extracted from sources)
Snort: SIDs 54538 - 54567
- Exploit vector is Telnet: monitor for unauthenticated Telnet connections to Cisco RV110W devices, especially login attempts using the device's built-in static default system account credentials.
- Use Cisco's published Snort SID range 54538–54567 to detect exploitation attempts against CVE-2020-3330 and related RV-series vulnerabilities.
- Track Cisco bug ID CSCvs50818 for patch/version correlation when fingerprinting vulnerable RV110W firmware in the environment.
- Cisco states there are no workarounds; only the released software update fully remediates the static credential issue.
CVSS provenance
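| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | n/a | 9.8 | CRITICAL | n/a |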
GHSA
GHSA-6925-92m9-84w6 · ghsa_unreviewed · 2022-05-24 · CVE-2020-3330 [HIGH]
Cisco
Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability
vendor_cisco · 2020-07-15 · CVSS 9.8 · CVE-2020-3330 [CRITICAL] · CWE-798
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.c
Cisco
Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability
vendor_cisco·CVSS 3.0
CVSS: 3.0
CWE: CWE-798
Bug IDs: CSCvs50818
No detection rules found.
No public exploits indexed.
Talos
Threat Source newsletter for July 23, 2020
blogs_talos·2020-07-23
Good afternoon, Talos readers.
While ransomware attacks continue to hog all the headlines, cryptocurrency miners are still running in the background, sapping computing power from unsuspecting victims. We have what we believe is the first documentation of a new botnet we're calling "Prometei" that mines for Monero. Here's why you need to be on the lookout for this botnet and why it could be a sign of worse things to come if you're infected.
If you didn't get enough election security news last week with our research paper, the guys on Beers With Talos dug even deeper into the topic in the latest episode.
### Cyber Security Week in Review
- More information continues to come out regarding the massive Twitter hack last week that led to several high-profile accounts being taken over and sending