SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco Small Business RV Series Vendors:   Cisco
Cisco Small Business RV110W/RV130W/RV215W Series Buffer Overflows Let Remote Authenticated Users Cause the Target System to Reload
SecurityTracker Alert ID:  1036115
SecurityTracker URL:  http://securitytracker.com/id/1036115
CVE Reference:   CVE-2016-1397, CVE-2016-1398   (Links to External Site)
Updated:  Jun 15 2016
Original Entry Date:  Jun 15 2016
Impact:   Denial of service via network
Vendor Confirmed:  Yes  
Version(s): RV110W, RV130W, RV215W
Description:   Two vulnerabilities were reported in Cisco Small Business RV110W/RV130W/RV215W Series Routers. A remote authenticated user can cause the target system to reload.

A remote authenticated user can send specially crafted HTTP data via the web management interface to trigger a buffer overflow and cause the target system to reload [CVE-2016-1397, CVE-2016-1398].

If the remote management interface is enabled, this vulnerability can be exploited from the WAN interface.

The following models are affected:

RV110W Wireless-N VPN Firewall
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router

The vendor has assigned bug IDs CSCux82523, CSCux82531, and CSCux82536 [for CVE-2016-1397] and CSCux86664, CSCux86669, and CSCux86675 [for CVE-2016-1398] to this vulnerability.

Samuel Huntley reported this vulnerability.

Impact:   A remote authenticated user can cause the target system to reload.
Solution:   No solution was available at the time of this entry.

The vendor plans to issue a fix in the third quarter of 2016 (RV110W 1.2.1.7, RV130W 1.0.3.16, RV215W 1.3.0.8).

The vendor's advisories are available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2 (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC