Cross-Site Request Forgery in Cisco RV Routers Affecting Cisco Systems
CVE-2014-2178

Currently unrated

Key Information:

Vendor: Cisco
Status: Rv180 Firmware; Rv180; Rv180w
Vendor: CVE Published:; 7 November 2014

Summary

This vulnerability allows remote attackers to exploit the administrative web interface of Cisco RV routers, specifically targeting RV220W, RV120W, RV180, and RV180W models. By tricking an authenticated administrator into performing actions unknowingly via CSRF, attackers can gain unauthorized access and control over the device without user consent. Such exploitation can lead to significant security breaches, including but not limited to the hijacking of session tokens.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://packetstormsecurity.com/files/128992/Cisco-RV-Over...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/98498

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Nov 7, 2014
Vulnerability Reserved
Feb 25, 2014