← Back

CVE-2015-6397

nvd nist
Published: Aug 8, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.

Affected (3)

Cisco
3 products
Rv110w Wireless N Vpn Firewall Firmware
Rv130w Wireless N Multifunction Vpn Router Firmware
Rv215w Wireless N Vpn Router Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rv110w Wireless N Vpn Firewall Firmware
All versions
Running on/withPlatform Versions
Cisco
Rv110w Wireless N Vpn Firewall
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rv130w Wireless N Multifunction Vpn Router Firmware
All versions
Running on/withPlatform Versions
Cisco
Rv130w Wireless N Multifunction Vpn Router
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rv215w Wireless N Vpn Router Firmware
All versions
Running on/withPlatform Versions
Cisco
Rv215w Wireless N Vpn Router
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: psirt@cisco.com
MitigationVDB EntryVendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.