Directory Traversal Vulnerability in Cisco RV180 and RV180W Devices
CVE-2016-1429

7.5HIGH

Key Information:

Vendor
Cisco
Status
Rv180 Vpn Router Firmware
Vendor
CVE Published:
8 August 2016

Summary

A directory traversal vulnerability exists in the web interface of Cisco RV180 and RV180W devices. This flaw enables remote attackers to exploit crafted HTTP requests to gain unauthorized access to sensitive files on the device. Successful exploitation of this vulnerability allows attackers to read arbitrary files, potentially compromising the confidentiality and integrity of the system. Proper security measures, including prompt patching and restrictions on file access, are essential to mitigate this risk.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/92270
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036527
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.