CVE-2018-0423

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.

Severity	HIGH
CVSS	8.1
CWE	CWE-119
KEV
Published	7 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Small Business RV Series Router Firmware	cisco-sa-20180905-rv-routers-overflow
Cisco RV Series Routers	cisco-sa-20180905-rv-routers-overflow
Cisco Nexus Dashboard	cisco-sa-20180905-rv-routers-overflow
Cisco Catalyst PON Series Switches	cisco-sa-20180905-rv-routers-overflow
Cisco RV215W Wireless-N VPN Router Firmware	cisco-sa-20180905-rv-routers-overflow
Cisco RV130W Wireless-N Multifunction VPN Router Firmware	cisco-sa-20180905-rv-routers-overflow
Cisco RV110W Wireless-N VPN Firewall Firmware	cisco-sa-20180905-rv-routers-overflow