CVE-2019-1652

This Metasploit module exploits CVE-2019-1653 (info disclosure) and CVE-2019-1652 (command injection) to achieve unauthenticated RCE on Cisco RV320/RV325 routers. It downloads credentials via config export, logs in, and injects a command via certificate generation.

This exploit demonstrates a command injection vulnerability in the Cisco RV320 router's web-based certificate generator feature. The vulnerability allows attackers with administrative access to execute arbitrary commands via the 'common_name' parameter in an HTTP POST request.

This repository contains functional exploit code for CVE-2019-1652 and CVE-2019-1653, targeting Cisco RV320/RV325 routers. It includes scripts for dumping configurations, debug data, decrypting diagnostic files, and achieving post-authentication RCE via command injection.

This Metasploit module exploits CVE-2019-1652, a command injection vulnerability in Cisco RV320 and RV325 routers, combined with CVE-2019-1653 (information disclosure) to achieve unauthenticated remote code execution. It downloads the router's configuration to extract credentials, logs in, and injects a malicious command via the certificate generation page.