Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Router/Bridge/Hub)  >   Cisco Small Business RV Series Vendors:   Cisco
Cisco Small Business RV110W/RV130W/RV215W Series Input Validation Flaw in Web Interface Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1036113
SecurityTracker URL:
CVE Reference:   CVE-2016-1395   (Links to External Site)
Date:  Jun 15 2016
Impact:   Execution of arbitrary code via network, Root access via network
Vendor Confirmed:  Yes  
Version(s): RV110W, RV130W, RV215W
Description:   A vulnerability was reported in Cisco Small Business RV110W, RV130W, and RV215W Series routers. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted HTTP request data to the target web interface to execute arbitrary code with root privileges.

If the remote management interface is enabled, this vulnerability can be exploited from the WAN interface.

The following models are affected:

RV110W Wireless-N VPN Firewall
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router

The vendor has assigned bug IDs CSCux82416, CSCux82422, and CSCux82428 to this vulnerability.

Samuel Huntley reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system with root privileges.
Solution:   No solution was available at the time of this entry.

The vendor plans to issue a fix in the third quarter of 2016 (RV110W, RV130W, RV215W

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Input validation error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC