Vulnslist

find the latest Cisco vulnerabilities

Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability

cisco-sa-rv-info-dis-FEWBWgsD · Medium · Published · Updated

A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsD

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

However, disabling the remote management feature, if it is not required, would help to reduce the attack surface of this vulnerability.

CVEsCVE-2020-3150
Cisco Bug IDsCSCvr96267, CSCvr96274
CVSS ScoreBase 5.9
Base 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco RV110W Wireless-N VPN Firewall Firmware, Cisco RV215W Wireless-N VPN Router Firmware

CSAF Product Statuses

Product Status Source CVE Rows
Cisco RV110W Wireless-N VPN Firewall Firmware known_affected cisco_csaf CVE-2020-3150 1
Cisco RV215W Wireless-N VPN Router Firmware known_affected cisco_csaf CVE-2020-3150 1

Related Products

Product CVE Evidence
Cisco RV110W Wireless-N VPN Firewall Firmware CVE-2020-3150 Cisco OpenVuln
Cisco RV215W Wireless-N VPN Router Firmware CVE-2020-3150 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3150 Cisco OpenVuln