The Cisco RV series suffers from arbitrary file overwrite, arbitrary command execution, and cross site request forgery vulnerabilities.
ab1cc7e024746d65f1cc4a6bf8683bd942b18bb262e9cd877a1b315a168cf955
------------------------------------------------------------------------
Cisco RV Series multiple vulnerabilities
------------------------------------------------------------------------
Yorick Koster, June 2013
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple vulnerabilities have been found in Cisco RV Series devices that
allows an attacker to overwrite/create arbitrary files, execute
arbitrary commands, and execute Cross-Site Request Forgery attacks.
------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
These following Cisco RV Series devices are affected by these issues:
- Cisco RV120W Wireless-N VPN Firewall running firmware prior to 1.0.5.9
- Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN
Router running firmware versions prior to 1.0.4.14
- Cisco RV220W Wireless Network Security Firewall running any currently
available release
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Please consult Cisco advisory cisco-sa-20141105-rv [4] for fix
information.
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html
------------------------------------------------------------------------
References
------------------------------------------------------------------------
[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179
[4]
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv