CVE-2019-1898

MEDIUM NUCLEI

Cisco RV110W, RV130W, and RV215W - Info Disclosure

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.

Nuclei Templates (1)

Cisco RV110W RV130W RV215W Router - Information leakage

MEDIUMVERIFIEDby SleepingBag945

Shodan: http.favicon.hash:"-646322113"

FOFA: icon_hash="-646322113"

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108865

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2019-29

Scores

CVSS v3 5.3

EPSS 0.7868

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-285 CWE-425

Status published

Products (3)

cisco/rv110w_firmware

cisco/rv130w_firmware

cisco/rv215w_firmware

Published Jun 20, 2019

Tracked Since Feb 18, 2026