Showing 1 - 3 of 3

CVE-2019-1652

Status Candidate

Overview

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.

Related Files

Cisco RV320 / RV325 Unauthenticated Remote Code Execution: Posted Mar 30, 2019; Authored by Philip Huppert, RedTeam Pentesting GmbH, Benjamin Grap | Site metasploit.com; This Metasploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router. Either via HTTPS on port 443 or HTTP on port 8007 on some older firmware versions.; tags | exploit, remote, web, code execution, info disclosure; systems | cisco; advisories | CVE-2019-1652, CVE-2019-1653; SHA-256 | 3a5930431c87e0e5f639afb9c3aa17008a55b97dc03414a6b04b7d6a4f631c82; Download | Favorite | View

Cisco RV320 Command Injection: Posted Mar 27, 2019; Site redteam-pentesting.de; RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor.; tags | exploit, web; systems | cisco; advisories | CVE-2019-1652; SHA-256 | fa1fddffe139a0d576a787664aa6b3b1d1207ed373110904ad3b88fa8d1e4370; Download | Favorite | View

Cisco RV320 Command Injection: Posted Jan 24, 2019; Site redteam-pentesting.de; RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Versions 1.4.2.15 through 1.4.2.19 are affected. Fixed in version 1.4.2.20.; tags | exploit, web; systems | cisco; advisories | CVE-2019-1652; SHA-256 | 0ef1e407d0628e9e533465222b68937646fa1649db7cb36d50953a7f19722bfc; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 318 files
Ubuntu 67 files
Debian 25 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 8 files
Milad Karimi 6 files
Google Security Research 5 files
liquidsky 3 files
Erdemstar 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,485)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,706)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

CVE-2019-1652

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems