CVE-2019-1914

HIGH

Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Authenticated Command Injection via Web Management Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1914. PoCs published by bashis.

AI-analyzed exploit summary This Python PoC exploits a stack overflow vulnerability in Realtek Managed Switch Controller (RTL83xx) devices, leveraging a 'one byte read-write loop' without boundary checks in Boa/Hydra web servers. It achieves remote code execution via MIPS Big Endian shellcode, targeting multiple vendors and firmware versions.

Description

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.

Exploits (1)

exploitdb WORKING POC

by bashis · pythonremotehardware

https://www.exploit-db.com/exploits/47442

View Code ZIP pw:eip

This Python PoC exploits a stack overflow vulnerability in Realtek Managed Switch Controller (RTL83xx) devices, leveraging a 'one byte read-write loop' without boundary checks in Boa/Hydra web servers. It achieves remote code execution via MIPS Big Endian shellcode, targeting multiple vendors and firmware versions.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Realtek Managed Switch Controller (RTL83xx) with Boa/Hydra web server (multiple vendors and firmware versions)

No auth needed

Prerequisites: Network access to the target device · Python 2.7 environment with required libraries (e.g., pwntools, Crypto)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-inject

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/154667/Realtek-Managed-Switch-Controller-RTL83xx-Stack-Overflow.html

Scores

CVSS v3 7.2

EPSS 0.2485

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (11)

cisco/sf-220-24_firmware < 1.1.4.4

cisco/sf220-24p_firmware < 1.1.4.4

cisco/sf220-48_firmware < 1.1.4.4

cisco/sf220-48p_firmware < 1.1.4.4

cisco/sg220-26_firmware < 1.1.4.4

cisco/sg220-26p_firmware < 1.1.4.4

cisco/sg220-28_firmware < 1.1.4.4

cisco/sg220-28mp_firmware < 1.1.4.4

cisco/sg220-50_firmware < 1.1.4.4

cisco/sg220-50p_firmware < 1.1.4.4

... and 1 more

Published Aug 07, 2019

Tracked Since Feb 18, 2026