Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-3882

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22. Cisco Bug IDs: CSCuz72642.

Published

2017-05-16T17:29:00.293

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.6 (CRITICAL)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	small_business_rv_router_firmware	1.0.0.30	Yes
Application	cisco	small_business_rv_router_firmware	1.0.1.9	Yes
Application	cisco	small_business_rv_router_firmware	1.0.1.19	Yes
Application	cisco	small_business_rv_router_firmware	1.0.2.6	Yes
Application	cisco	small_business_rv_router_firmware	1.0.3.10	Yes
Application	cisco	small_business_rv_router_firmware	1.0.4.10	Yes
Application	cisco	small_business_rv_router_firmware	1.0.4.14	Yes
Application	cisco	small_business_rv_router_firmware	1.0.5.4	Yes
Application	cisco	small_business_rv_router_firmware	1.0.5.4\(gd\)	Yes
Application	cisco	small_business_rv_router_firmware	1.0.5.5	Yes
Application	cisco	small_business_rv_router_firmware	1.0.5.6	Yes
Application	cisco	small_business_rv_router_firmware	1.0.5.8	Yes
Application	cisco	small_business_rv_router_firmware	1.0.6.6	Yes
Application	cisco	small_business_rv_router_firmware	1.0.39	Yes
Application	cisco	small_business_rv_router_firmware_1.0	0.2	Yes
Hardware	cisco	rv042	-	No
Hardware	cisco	rv042g	-	No
Hardware	cisco	rv082	-	No
Hardware	cisco	rv110w	-	No
Hardware	cisco	rv130	-	No
Hardware	cisco	rv130_wf	-	No
Hardware	cisco	rv130w	-	No
Hardware	cisco	rv130w_wf	-	No
Hardware	cisco	rv132w	-	No
Hardware	cisco	rv134w	-	No
Hardware	cisco	rv215w	-	No
Hardware	cisco	rv320	-	No
Hardware	cisco	rv320_wf	-	No
Hardware	cisco	rv325	-	No
Hardware	cisco	rv325_wf	-	No

References

http://www.securityfocus.com/bid/98287 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1038391 ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/98287 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038391 (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)