Description
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2019-29
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108848
Scores
CVSS v3
5.3
EPSS
0.0448
EPSS Percentile
90.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-285
CWE-306
Status
published
Products (3)
cisco/rv110w_firmware
cisco/rv130w_firmware
cisco/rv215w_firmware
Published
Jun 20, 2019
Tracked Since
Feb 18, 2026