Skip to main content

Cisco RV130 CVE-2026-24698

| EUVDEUVD-2026-42290 HIGH
OS Command Injection (CWE-78)
2026-07-08 cve@mitre.org GHSA-pv42-mgvv-jhv9
7.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

Network-reachable management interface (AV:N) with simple injection (AC:L) but mandatory admin authentication (PR:H); root command execution yields total confidentiality, integrity, and availability impact.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 17:36 vuln.today
CVSS changed
Jul 08, 2026 - 17:22 NVD
8.8 (HIGH) 7.2 (HIGH)
CVSS changed
Jul 08, 2026 - 16:22 NVD
8.8 (HIGH)
CVE Published
Jul 08, 2026 - 15:16 cve.org
HIGH 7.2
CVE Published
Jul 08, 2026 - 15:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

AnalysisAI

Root-level OS command injection in Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8) small-business routers lets an authenticated remote attacker run arbitrary commands via the unsanitized model_name parameter in the httpd binary's save_syslog_to_file() function. Because injected commands run as root, successful exploitation yields full device takeover. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain admin access to router web UI
Delivery
Inject shell metacharacters into model_name parameter
Exploit
Trigger save_syslog_to_file() syslog export
Execution
httpd executes injected command as root
Impact
Full device compromise and persistence

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with high/administrative privileges on the router's web management interface (CVSS PR:H) and network reachability to that interface; it is not remotely exploitable without valid admin credentials. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderately consistent but point to a targeted rather than mass-exploitation risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained administrator credentials (via phishing, credential reuse, default passwords, or a chained auth bypass) logs into the router's web management interface, which is reachable over the network. They set the model_name configuration parameter to a value containing shell metacharacters and trigger the syslog-to-file save operation, causing the httpd process to execute their injected commands as root. …
Remediation No vendor-released patch identified at time of analysis, and the Cisco RV130/RV130W and RV110W are end-of-life small-business platforms for which fixes may not be forthcoming - plan for replacement with a supported router as the durable fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Conduct immediate inventory of all Cisco RV130/RV130W/RV110W deployments; restrict administrative access (SSH/web interface) to trusted IP ranges only via firewall ACLs. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2022-20923 CRITICAL
9.8 Sep 08

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and

CVE-2022-20825 CRITICAL
9.8 Jun 15

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2021-1459 CRITICAL
9.8 Apr 08

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2020-3144 CRITICAL
9.8 Jul 16

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV1

CVE-2020-3146 HIGH
8.8 Jul 16

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Ro

CVE-2020-3145 HIGH
8.8 Jul 16

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Ro

CVE-2026-24700 HIGH
7.2 Jul 08

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with

CVE-2026-24699 HIGH
7.2 Jul 08

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with f

CVE-2026-24697 HIGH
7.2 Jul 08

Root-level OS command injection in Cisco RV130, RV130W, and RV110W small-business routers lets an authenticated remote a

CVE-2023-20250 HIGH
7.2 Sep 06

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2022-20912 HIGH
7.2 Jul 22

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W

CVE-2022-20911 HIGH
7.2 Jul 22

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W

Share

CVE-2026-24698 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy