Skip to main content

Cisco RV130 CVE-2026-24697

| EUVDEUVD-2026-42289 HIGH
OS Command Injection (CWE-78)
2026-07-08 cve@mitre.org GHSA-5wp9-987m-q7mf
7.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

Network-reachable management with low complexity but requiring admin authentication (PR:H) to set wan_hostname; root command execution yields full C/I/A impact with scope unchanged.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 08, 2026 - 17:37 vuln.today
CVSS changed
Jul 08, 2026 - 17:22 NVD
7.2 (HIGH)
CVE Published
Jul 08, 2026 - 15:16 cve.org
HIGH 7.2
CVE Published
Jul 08, 2026 - 15:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

AnalysisAI

Root-level OS command injection in Cisco RV130, RV130W, and RV110W small-business routers lets an authenticated remote administrator inject arbitrary shell commands through the wan_hostname parameter, which is passed unsanitized into the start_bonjour() routine of the 'rc' binary. Because the 'rc' process runs as root, successful exploitation yields full command execution and complete device takeover. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain admin credentials to router
Delivery
Access web management interface
Exploit
Set wan_hostname with injected shell command
Execution
start_bonjour() executes tainted string
Persist
Arbitrary commands run as root
Impact
Full device takeover and network pivot

Vulnerability AssessmentAI

Exploitation Exploitation requires authenticated administrative access to the router (CVSS PR:H) and the ability to set the wan_hostname configuration parameter through the device's management/configuration interface - this parameter is the exact injection point, flowing into the start_bonjour() function of the 'rc' binary. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.2 (High) with vector AV:N/AC:L/PR:H/UI:N - network-reachable, low complexity, but requiring high privileges (administrative authentication), no user interaction, and full C/I/A impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained administrative access to an internet-exposed RV130/RV110W management interface (via default, weak, or reused credentials) sets the WAN hostname to a value containing shell metacharacters, e.g. a benign name followed by an injected command. …
Remediation No vendor-released patch was identified at time of analysis, and notably the Cisco RV130, RV130W, and RV110W product lines reached end-of-life and end-of-security-support, so a firmware fix is unlikely to be issued - treat replacement of these devices with a supported model as the primary remediation. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all RV130, RV130W, and RV110W devices and audit administrative access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2022-20923 CRITICAL
9.8 Sep 08

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and

CVE-2022-20825 CRITICAL
9.8 Jun 15

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2021-1459 CRITICAL
9.8 Apr 08

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2020-3144 CRITICAL
9.8 Jul 16

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV1

CVE-2020-3146 HIGH
8.8 Jul 16

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Ro

CVE-2020-3145 HIGH
8.8 Jul 16

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Ro

CVE-2026-24700 HIGH
7.2 Jul 08

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with

CVE-2026-24699 HIGH
7.2 Jul 08

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with f

CVE-2026-24698 HIGH
7.2 Jul 08

Root-level OS command injection in Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8) small-bu

CVE-2023-20250 HIGH
7.2 Sep 06

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2022-20912 HIGH
7.2 Jul 22

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W

CVE-2022-20911 HIGH
7.2 Jul 22

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W

Share

CVE-2026-24697 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy