exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2019-1653

Status Candidate

Overview

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.

Related Files

LayerBB 1.1.3 Cross Site Request Forgery
Posted Sep 20, 2019
Authored by 0xB9

LayerBB version 1.1.3 suffers from a cross site request forgery vulnerability.

tags | exploit, xss, csrf
advisories | CVE-2019-16531
MD5 | b599fecb0f9a19d1ceb90b55d70b84bc
Cisco RV320 / RV325 Unauthenticated Remote Code Execution
Posted Mar 30, 2019
Authored by Philip Huppert, RedTeam Pentesting GmbH, Benjamin Grap | Site metasploit.com

This Metasploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router. Either via HTTPS on port 443 or HTTP on port 8007 on some older firmware versions.

tags | exploit, remote, web, code execution, info disclosure
systems | cisco
advisories | CVE-2019-1652, CVE-2019-1653
MD5 | 7c621eb89c6b32e552d814e012fad4b9
Cisco RV320 Unauthenticated Diagnostic Data Retrieval
Posted Mar 27, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device's web interface due to an inadequate fix by the vendor.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
MD5 | 3c437f9164cf1a024c6fec66988f9cf5
Cisco RV320 Unauthenticated Configuration Export
Posted Mar 27, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
MD5 | 08368f9e046725eb52f22f696d66e165
Cisco RV300 / RV320 Information Disclosure
Posted Jan 29, 2019
Authored by Harom Ramos

Cisco RV300 and RV320 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
systems | cisco
advisories | CVE-2019-1653
MD5 | 3e274f9cd5167fe2dc1dc9d26e45b852
Cisco RV320 Unauthenticated Diagnostic Data Retrieval
Posted Jan 24, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Versions affected include 1.4.2.15 and 1.4.2.17.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
MD5 | 91a2e5f5865089a09b9294c78db4dd79
Cisco RV320 Unauthenticated Configuration Export
Posted Jan 24, 2019
Site redteam-pentesting.de

RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Affected versions include 1.4.2.15 and 1.4.2.17.

tags | exploit, web
systems | cisco
advisories | CVE-2019-1653
MD5 | 26f91421f6edf594c084d8cc00f2287e
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close