Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability
CVE-2018-0404

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Rv180w Wireless-n Multifunction Vpn Router
Vendor: CVE Published:; 5 October 2018

Summary

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes.

Affected Version(s)

Cisco RV180W Wireless-N Multifunction VPN Router

References

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk27179

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2018
Vulnerability Reserved
Nov 27, 2017