CVE-2020-3145
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.
Affected (4)
Products: Cisco: Rv110w Firmware, Rv130 Firmware, Rv130w Firmware, Rv215w Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.2.2.8 |
| Running on/with | Platform Versions |
|---|---|
Cisco Rv110w | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.3.55 |
| Running on/with | Platform Versions |
|---|---|
Cisco Rv130 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.3.55 |
| Running on/with | Platform Versions |
|---|---|
Cisco Rv130w | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.3.1.7 |
| Running on/with | Platform Versions |
|---|---|
Cisco Rv215w | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.