Description
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp
Scores
CVSS v3
9.8
EPSS
0.0284
EPSS Percentile
86.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-119
CWE-20
Status
published
Products (4)
cisco/rv110w_wireless-n_vpn_firewall_firmware
< 1.2.2.8
cisco/rv130_vpn_router_firmware
< 1.0.3.54
cisco/rv130w_wireless-n_multifunction_vpn_router_firmware
< 1.0.3.54
cisco/rv215w_wireless-n_vpn_router_firmware
< 1.3.1.7
Published
Jul 16, 2020
Tracked Since
Feb 18, 2026