CVE-2019-1663 - Out-of-bounds Write vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware
Summary
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:46961 |
last seen | 2019-06-04 |
modified | 2019-06-04 |
published | 2019-06-04 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46961 |
title | Cisco RV130W 1.0.3.44 - Remote Stack Overflow |

id | EDB-ID:47348 |
last seen | 2019-09-03 |
modified | 2019-09-03 |
published | 2019-09-03 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/47348 |
title | Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit) |

file | exploits/hardware/remote/46705.rb |
id | EDB-ID:46705 |
last seen | 2019-04-15 |
modified | 2019-04-15 |
platform | hardware |
port | |
published | 2019-04-15 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46705 |
title | Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit) |
type | remote |
Metasploit
description | A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition. |
id | MSF:EXPLOIT/LINUX/HTTP/CVE_2019_1663_CISCO_RMI_RCE |
last seen | 2020-06-12 |
modified | 2019-10-27 |
published | 2019-07-27 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/cve_2019_1663_cisco_rmi_rce.rb |
title | Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution |

description | A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition. |
id | MSF:EXPLOIT/LINUX/HTTP/CISCO_RV130_RMI_RCE |
last seen | 2020-06-12 |
modified | 2019-08-30 |
published | 2019-03-22 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/cisco_rv130_rmi_rce.rb |
title | Cisco RV130W Routers Management Interface Remote Command Execution |
Nessus
NASL family | CISCO |
NASL id | CISCO-SA-20190227-RMI-CMD-EX.NASL |
description | According to its self-reported version, the version of the Cisco Small Business Wireless-N VPN Router installed on the remote host is affected by a remote command execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands as a high-privilege user. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 122483 |
published | 2019-02-27 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/122483 |
title | Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability (cisco-sa-20190227-rmi-cmd-ex) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/153163/ciscorv130w10344-overflow.txt |
id | PACKETSTORM:153163 |
last seen | 2019-06-05 |
published | 2019-06-04 |
reporter | 0x00string |
source | https://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html |
title | Cisco RV130W 1.0.3.44 Remote Stack Overflow |

data source | https://packetstormsecurity.com/files/download/152507/cisco_rv130_rmi_rce.rb.txt |
id | PACKETSTORM:152507 |
last seen | 2019-04-15 |
published | 2019-04-14 |
reporter | Quentin Kaiser |
source | https://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html |
title | Cisco RV130W Routers Management Interface Remote Command Execution |

data source | https://packetstormsecurity.com/files/download/154310/cve_2019_1663_cisco_rmi_rce.rb.txt |
id | PACKETSTORM:154310 |
last seen | 2019-09-02 |
published | 2019-09-02 |
reporter | Quentin Kaiser |
source | https://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.html |
title | Cisco RV110W / RV130(W) / RV215W Remote Command Execution |
Related news
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
- http://www.securityfocus.com/bid/107185
- http://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/46705/
- http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce
- http://packetstormsecurity.com/files/153163/Cisco-RV130W-1.0.3.44-Remote-Stack-Overflow.html
- http://packetstormsecurity.com/files/154310/Cisco-RV110W-RV130-W-RV215W-Remote-Command-Execution.html