Remote File Upload Vulnerability in Cisco RV Series Routers
CVE-2014-2179

Currently unrated

Key Information:

Vendor: Cisco
Status: Rv180 Firmware; Rv180; Rv180w
Vendor: CVE Published:; 7 November 2014

Summary

The RV Series Routers from Cisco include a vulnerability that allows remote attackers to upload files to arbitrary locations on affected devices. This is facilitated by a crafted HTTP request which can be exploited without requiring authentication. The flaw has been identified in specific firmware versions of RV220W, RV120W, RV180, and RV180W models, exposing them to potential unauthorized control or access to sensitive information.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://packetstormsecurity.com/files/128992/Cisco-RV-Over...

x_refsource_MISC

http://seclists.org/fulldisclosure/2014/Nov/6

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Nov 7, 2014
Vulnerability Reserved
Feb 25, 2014