Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2018-0424

CVE information

Published

4 years ago

Last Modified

2 years ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

High

Impact Analysis

Description

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user..

CVSSv2.0 Score

Severity
High
Base Score
9/10
Exploit Score
8/10
Access Vector
Network
Access Complexity
Low
Authentication Required
Single
Impact Score
10/10
Confidentiality Impact
Complete
Availability Impact
Complete
Integrity Impact
Complete

CVSSv3.1 Score

Severity
High
Base Score
8.8/10
Exploit Score
2.8/10
Access Vector
Network
Access Complexity
Low
Privileges Required
Low
Impact Score
5.9/10
Confidentiality Impact
High
Availability Impact
High
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:cisco:rv110w_firmware:*:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*
  No
-
cpe:2.3:o:cisco:rv130w_firmware:*:*:*:*:*:*:*:*
  Yes
- 1.0.3.44
cpe:2.3:h:cisco:rv130w:*:*:*:*:*:*:*:*
  No
-
cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*
  Yes
-
cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*
  No
-