Vulnslist

find the latest Cisco vulnerabilities

Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities

cisco-sa-rv-rce-m4FEEGWX · High · Published · Updated

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. Cisco has released software updates that address the vulnerabilities described in this advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities. Disabling the remote management feature, if not required, would help to reduce the attack surface of these vulnerabilities.

CVEsCVE-2020-3145, CVE-2020-3146
Cisco Bug IDsCSCvr94660, CSCvr96225, CSCvr96222, CSCvr96235, CSCvr96242, CSCvr96232
CVSS ScoreBase 8.8
Base 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco RV130W Wireless-N Multifunction VPN Router Firmware, Cisco RV110W Wireless-N VPN Firewall Firmware, Cisco RV215W Wireless-N VPN Router Firmware, Cisco RV130 VPN Router

CSAF Product Statuses

Product Status Source CVE Rows
Cisco RV110W Wireless-N VPN Firewall Firmware known_affected cisco_csaf CVE-2020-3145, CVE-2020-3146 2
Cisco RV130 VPN Router known_affected cisco_csaf CVE-2020-3145, CVE-2020-3146 2
Cisco RV130W Wireless-N Multifunction VPN Router Firmware known_affected cisco_csaf CVE-2020-3145, CVE-2020-3146 2
Cisco RV215W Wireless-N VPN Router Firmware known_affected cisco_csaf CVE-2020-3145, CVE-2020-3146 2

Related Products

Product CVE Evidence
Cisco RV110W Wireless-N VPN Firewall Firmware CVE-2020-3146 Cisco OpenVuln
Cisco RV130 VPN Router CVE-2020-3146 Cisco OpenVuln
Cisco RV130W Wireless-N Multifunction VPN Router Firmware CVE-2020-3146 Cisco OpenVuln
Cisco RV215W Wireless-N VPN Router Firmware CVE-2020-3146 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3146 Cisco OpenVuln
Cisco RV110W Wireless-N VPN Firewall Firmware CVE-2020-3145 Cisco OpenVuln
Cisco RV130 VPN Router CVE-2020-3145 Cisco OpenVuln
Cisco RV130W Wireless-N Multifunction VPN Router Firmware CVE-2020-3145 Cisco OpenVuln
Cisco RV215W Wireless-N VPN Router Firmware CVE-2020-3145 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3145 Cisco OpenVuln