Remote Code Execution in Cisco RV110W, RV130W, and RV215W Devices
CVE-2016-1395

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Rv130w Wireless-n Multifunction Vpn Router Firmware
Vendor: CVE Published:; 19 June 2016

What is CVE-2016-1395?

The web-based management interface on specific Cisco routers includes a vulnerability that allows remote attackers to execute arbitrary code with root privileges. This is achieved through specially crafted HTTP requests targeting the devices with outdated firmware. Users are recommended to upgrade to the latest firmware versions to mitigate this security flaw.

References

http://www.securitytracker.com/id/1036113

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2016
Vulnerability Reserved
Jan 4, 2016