CVE-2019-15271

Published: Nov 26, 2019Modified: Oct 28, 2025CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.

Affected (4)

Products: Cisco: Rv016 Multi Wan Vpn Firmware, Rv042 Dual Wan Vpn Firmware, Rv042g Dual Gigabit Wan Vpn Firmware, Rv082 Dual Wan Vpn Firmware

Cisco

4 products

Rv016 Multi Wan Vpn Firmware

Rv042 Dual Wan Vpn Firmware

Rv042g Dual Gigabit Wan Vpn Firmware

Rv082 Dual Wan Vpn Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv016 Multi Wan Vpn Firmware	Before 4.2.3.10

Running on/with	Platform Versions
Cisco Rv016 Multi Wan Vpn	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv042 Dual Wan Vpn Firmware	Before 4.2.3.10

Running on/with	Platform Versions
Cisco Rv042 Dual Wan Vpn	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv042g Dual Gigabit Wan Vpn Firmware	Before 4.2.3.10

Running on/with	Platform Versions
Cisco Rv042g Dual Gigabit Wan Vpn	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv082 Dual Wan Vpn Firmware	Before 4.2.3.10

Running on/with	Platform Versions
Cisco Rv082 Dual Wan Vpn	All versions

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (3)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15271

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.