CVE-2015-6396

HIGH

Cisco Rv110w Wireless-n VPN Firewall Firmware - OS Command Injection

Title source: rule

Description

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.

Exploits (1)

exploitdb WORKING POC

by RySh · pythonremotehardware

https://www.exploit-db.com/exploits/45986

View Code ZIP pw:eip

References (4)

[Mitigation, Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45986/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92269

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036528

Scores

CVSS v3 7.8

EPSS 0.0237

EPSS Percentile 85.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (3)

cisco/rv110w_wireless-n_vpn_firewall_firmware

cisco/rv130w_wireless-n_multifunction_vpn_router_firmware

cisco/rv215w_wireless-n_vpn_router_firmware

Published Aug 08, 2016

Tracked Since Feb 18, 2026