exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Cisco Security Advisory 20160615-rv

Cisco Security Advisory 20160615-rv
Posted Jun 15, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web, arbitrary, root
systems | cisco
SHA-256 | 358e6cae4e6366a6f3ead0caa340bb5b6b44ff1423e6801085dae36564a1b3b2

Cisco Security Advisory 20160615-rv

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20160615-rv

Revision 1.0

For Public Release 2016 June 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system.

The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV1iuka89gD3EAJB5AQJHig/6A8c0ghf49Ku0Z3nkuRKv0V1jrahBY6uX
RemK4SgHfPqUjeSaM9ci2RuCqFe1BeDOK9GBM3P6Mw0Tq5SpMndGD46P4Ha0hgL/
WuJsiwaPkOFKFS47pIKdX0k97RX9AWlHjYoB9XIXb19M+449rHi0Cz90b3Wk1w60
rXYtVtbqdiL5WVn/HmYA95EzwZ4HozVZvDIAzKkUy+mjOkTSHR38gpLSoCibB+3l
I6U2Txc2crjnaUxupTRs9IG+hcDvNCaLb8C/ojSrXpQQGV3Q9XEXE9x/EZMLFl9x
aQkJRiKT8aGAZfqqvP9JxuECXSTm2koYR2sgaI0yJWmpp068j0dA6zdc/zn/nM7N
Rx27U1yWFH0qbFn8q65BbS/IOw+u1aV/LtmieWxuySHW0/BlVPEJyFXRZaS+rSfF
Ted/NRe9e4XGd6Bn98S9+8vXXrvcaWcrxrl3aLy+lDstbl07EOC+eLd+YvzRrxbj
s3uKiliQpryCkSC49SaY0zmj11KMpB0psLeUKPhJWzpa7LJpSRZtTbDyCjMrtspw
mwobTZB+V8cVayhrPwGIyUN0ImfGg3DH1vlNoaUoXD8Wcj0T9dhWBkwx0dH/Oxol
pSsR95Pi3p2e5xS47+7b1l1ViR0eTBTeCT+4bHMfPoDcp8msEJ/sSxpwZgiPAdjv
53TxLvrILWg=
=2XbL
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close