Skip to main content

Rv110W Wireless N Vpn Firewall Firmware CVE-2020-3146

HIGH
Buffer Overflow (CWE-119)
2020-07-16 psirt@cisco.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 16, 2020 - 18:15 nvd
HIGH 8.8

DescriptionNVD

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.

AnalysisAI

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit these vulnerabilities by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. Affected products include: Cisco Rv110W Wireless-N Vpn Firewall Firmware, Cisco Rv130 Firmware, Cisco Rv130W Firmware, Cisco Rv215W Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2015-6396 HIGH POC
7.8 Aug 08

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell command

CVE-2016-1395 CRITICAL
9.8 Jun 19

The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware be

CVE-2021-34730 CRITICAL
9.8 Aug 18

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W

CVE-2020-3331 CRITICAL
9.8 Jul 16

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-

CVE-2020-3330 CRITICAL
9.8 Jul 16

A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unau

CVE-2020-3323 CRITICAL
9.8 Jul 16

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2015-6397 HIGH
8.8 Aug 08

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remo

CVE-2020-3332 HIGH
8.8 Jul 16

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series R

CVE-2021-1217 HIGH
7.2 Jan 13

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W

CVE-2016-1397 MEDIUM
6.5 Jun 19

Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devic

CVE-2016-1396 MEDIUM
6.1 Jun 19

Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware bef

Share

CVE-2020-3146 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy