Remote Management Vulnerability in Cisco CVR100W Wireless-N VPN Router
CVE-2017-6620

5.8MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Cvr100w Wireless-n Vpn Router
Vendor
CVE Published:
3 May 2017

Summary

A flaw exists in the remote management access control list (ACL) of the Cisco CVR100W Wireless-N VPN Router, enabling unauthorized remote access. This issue arises from an incorrect implementation in the ingress connection request, allowing an attacker to bypass configured ACLs by targeting the management IP address or domain name of the device. This vulnerability can be exploited even when the Remote Management feature is set to Disabled, particularly affecting firmware versions earlier than 1.0.1.24.

Affected Version(s)

Cisco CVR100W Wireless-N VPN Router Cisco CVR100W Wireless-N VPN Router

References

http://www.securitytracker.com/id/1038395
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98289
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.