CVE-2015-6319

Published: Jan 27, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.

Affected (13)

Products: Cisco: Rv Series Router Firmware · Sun: Opensolaris

Cisco

1 product

Rv Series Router Firmware

Sun

1 product

Opensolaris

Configuration A

13 vulnerable · 21 platform

Vulnerable Software	Affected Versions
Cisco Rv Series Router Firmware	Version 1.0.0.2
Cisco Rv Series Router Firmware	Version 1.0.0.30
Cisco Rv Series Router Firmware	Version 1.0.1.9
Cisco Rv Series Router Firmware	Version 1.0.2.6
Cisco Rv Series Router Firmware	Version 1.0.3.10
Cisco Rv Series Router Firmware	Version 1.0.4.10
Cisco Rv Series Router Firmware	Version 1.0.4.14
Cisco Rv Series Router Firmware	Version 1.0.5.6
Cisco Rv Series Router Firmware	Version 1.0.5.8
Cisco Rv Series Router Firmware	Version 1.0.6.6
Cisco Rv Series Router Firmware	Version 1.1.0.9
Cisco Rv Series Router Firmware	Version 1.2.0.2
Sun Opensolaris	Version snv_124

Running on/with	Platform Versions
Cisco Rv016 Multi Wan Vpn Router	All versions
Cisco Rv042 Dual Wan Vpn Router	All versions
Cisco Rv042g Dual Gigabit Wan Vpn Router	All versions
Cisco Rv082 Dual Wan Vpn Router	All versions
Cisco Rv110w Wireless N Vpn Firewall	All versions
Cisco Rv120w Wireless N Vpn Firewall	All versions
Cisco Rv130 Vpn Router	All versions
Cisco Rv130w Wireless N Multifunction Vpn Router	All versions
Cisco Rv180 Vpn Router	All versions
Cisco Rv180w Wireless N Multifunction Vpn Router	All versions
Cisco Rv215w Wireless N Vpn Router	All versions
Cisco Rv220w Wireless Network Security Firewall	All versions
Cisco Rv320 Dual Gigabit Wan Vpn Router	All versions
Cisco Rv320 Dual Gigabit Wan Wf Vpn Router	All versions
Cisco Rv325 Dual Gigabit Wan Wf Vpn Router	All versions
Cisco Rv325 Dual Wan Gigabit Vpn Router	All versions
Cisco Rvl200 4 Port Ssl Ipsec Vpn Router	All versions
Cisco Rvs4000 4 Port Gigabit Security Router Vpn	All versions
Cisco Wrv200 Wireless G Vpn Router Rangebooster	All versions
Cisco Wrv210 Wireless G Vpn Router Rangebooster	All versions
Cisco Wrvs4400n Wireless N Gigabit Security Router Vpn V2.0	All versions

Related CWEs

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1034830

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1034830

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.