Vulnerabilities > CVE-2014-0683 - Credentials Management vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 | |
Hardware | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
file | exploits/hardware/remote/45986.py |
id | EDB-ID:45986 |
last seen | 2018-12-16 |
modified | 2018-12-14 |
platform | hardware |
port | 443 |
published | 2018-12-14 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/45986 |
title | Cisco RV110W - Password Disclosure / Command Execution |
type | remote |
Packetstorm
data source | https://packetstormsecurity.com/files/download/150781/ciscorv110w-discloseexec.txt |
id | PACKETSTORM:150781 |
last seen | 2018-12-25 |
published | 2018-12-14 |
reporter | RySh |
source | https://packetstormsecurity.com/files/150781/Cisco-RV110W-Password-Disclosure-Command-Execution.html |
title | Cisco RV110W Password Disclosure / Command Execution |