CVE-2016-1395
CRITICALCisco RV110W <1.2.1.7, RV130W <1.0.3.16, RV215W <1.3.0.8 - RCE
Title source: llmDescription
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036113
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv
Scores
CVSS v3
9.8
EPSS
0.0481
EPSS Percentile
90.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (12)
cisco/rv110w_wireless-n_vpn_firewall_firmware
1.1.0.9
cisco/rv110w_wireless-n_vpn_firewall_firmware
1.2.0.9
cisco/rv110w_wireless-n_vpn_firewall_firmware
1.2.0.10
cisco/rv110w_wireless-n_vpn_firewall_firmware
1.2.1.4
cisco/rv130w_wireless-n_multifunction_vpn_router_firmware
1.0.0.21
cisco/rv130w_wireless-n_multifunction_vpn_router_firmware
1.0.1.3
cisco/rv130w_wireless-n_multifunction_vpn_router_firmware
1.0.2.7
cisco/rv215w_wireless-n_vpn_router_firmware
1.1.0.5
cisco/rv215w_wireless-n_vpn_router_firmware
1.1.0.6
cisco/rv215w_wireless-n_vpn_router_firmware
1.2.0.14
... and 2 more
Published
Jun 19, 2016
Tracked Since
Feb 18, 2026