Vulnerabilities > Cisco > Rv320 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-04 CVE-2019-1827 Cross-site Scripting vulnerability in Cisco Rv320 Firmware and Rv325 Firmware
A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service.
network
low complexity
cisco CWE-79
6.1
2017-10-12 CVE-2015-6358 Improper Certificate Validation vulnerability in Cisco products
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
network
high complexity
cisco CWE-295
5.9