CVE-2016-1395

CRITICAL

Cisco RV110W <1.2.1.7, RV130W <1.0.3.16, RV215W <1.3.0.8 - RCE

Title source: llm
STIX 2.1

Description

The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036113

Scores

CVSS v3 9.8
EPSS 0.0481
EPSS Percentile 90.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (12)
cisco/rv110w_wireless-n_vpn_firewall_firmware 1.1.0.9
cisco/rv110w_wireless-n_vpn_firewall_firmware 1.2.0.9
cisco/rv110w_wireless-n_vpn_firewall_firmware 1.2.0.10
cisco/rv110w_wireless-n_vpn_firewall_firmware 1.2.1.4
cisco/rv130w_wireless-n_multifunction_vpn_router_firmware 1.0.0.21
cisco/rv130w_wireless-n_multifunction_vpn_router_firmware 1.0.1.3
cisco/rv130w_wireless-n_multifunction_vpn_router_firmware 1.0.2.7
cisco/rv215w_wireless-n_vpn_router_firmware 1.1.0.5
cisco/rv215w_wireless-n_vpn_router_firmware 1.1.0.6
cisco/rv215w_wireless-n_vpn_router_firmware 1.2.0.14
... and 2 more
Published Jun 19, 2016
Tracked Since Feb 18, 2026