CVE-2019-1653

Published: Jan 24, 2019Modified: Oct 28, 2025CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.

Affected (4)

Products: Cisco: Rv320 Firmware, Rv325 Firmware

Cisco

2 products

Rv320 Firmware

Rv325 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv320 Firmware	Version 1.4.2.15
Cisco Rv320 Firmware	Version 1.4.2.17

Running on/with	Platform Versions
Cisco Rv320	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv325 Firmware	Version 1.4.2.15
Cisco Rv325 Firmware	Version 1.4.2.17

Running on/with	Platform Versions
Cisco Rv325	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (31)

http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html

Source: psirt@cisco.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html

Source: psirt@cisco.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Mar/59

Source: psirt@cisco.com

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Mar/60

Source: psirt@cisco.com

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/bid/106732

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/

Source: psirt@cisco.com

Third Party Advisory

https://seclists.org/bugtraq/2019/Mar/53

Source: psirt@cisco.com

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Mar/54

Source: psirt@cisco.com

Mailing ListThird Party Advisory

https://threatpost.com/scans-cisco-routers-code-execution/141218/

Source: psirt@cisco.com

Third Party Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info

Source: psirt@cisco.com

Vendor Advisory

https://www.exploit-db.com/exploits/46262/

Source: psirt@cisco.com

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/46655/

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://www.youtube.com/watch?v=bx0RQJDlGbY

Source: psirt@cisco.com

Third Party Advisory

https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/

Source: psirt@cisco.com

Third Party Advisory

http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html