Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3146


Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.


Published

2020-07-16T18:15:16.690

Last Modified

2024-11-21T05:30:25.247

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-119
  • Type: Primary
    CWE-119

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco rv110w_wireless-n_vpn_firewall_firmware < 1.2.2.8 Yes
Hardware cisco rv110w_wireless-n_vpn_firewall - No
Operating System cisco rv130_firmware < 1.0.3.55 Yes
Hardware cisco rv130 - No
Operating System cisco rv130w_firmware < 1.0.3.55 Yes
Hardware cisco rv130w - No
Operating System cisco rv215w_firmware < 1.3.1.7 Yes
Hardware cisco rv215w - No

References