← Back

CVE-2015-6396

nvd nist
Published: Aug 8, 2016Modified: May 6, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.

Affected (3)

Cisco
3 products
Rv110w Wireless N Vpn Firewall Firmware
Rv130w Wireless N Multifunction Vpn Router Firmware
Rv215w Wireless N Vpn Router Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rv110w Wireless N Vpn Firewall Firmware
All versions
Running on/withPlatform Versions
Cisco
Rv110w Wireless N Vpn Firewall
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rv130w Wireless N Multifunction Vpn Router Firmware
All versions
Running on/withPlatform Versions
Cisco
Rv130w Wireless N Multifunction Vpn Router
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rv215w Wireless N Vpn Router Firmware
All versions
Running on/withPlatform Versions
Cisco
Rv215w Wireless N Vpn Router
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (8)

Source: psirt@cisco.com
MitigationVendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.