CVE-2018-0404

HIGH

Cisco RV180W and RV220W - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.

References (1)

Core 1
Core References
Permissions Required, Vendor Advisory x_refsource_confirm
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179

Scores

CVSS v3 7.5
EPSS 0.0147
EPSS Percentile 70.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
cisco/rv180w_wireless-n_multifunction_vpn_router
cisco/rv220w_wireless_network_security_firewall
Published Oct 05, 2018
Tracked Since Feb 18, 2026