CVE-2019-1899

MEDIUM

Cisco RV110W/RV130W/RV215W - Info Disclosure

Title source: llm

Description

A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router.

References (3)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2019-29

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108867

Scores

CVSS v3 5.3

EPSS 0.0143

EPSS Percentile 80.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-285 CWE-425

Status published

Products (3)

cisco/rv110w_firmware

cisco/rv130w_firmware

cisco/rv215w_firmware

Published Jun 20, 2019

Tracked Since Feb 18, 2026