Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Network-reachable management interface (AV:N) with simple injection (AC:L) but mandatory admin authentication (PR:H); root command execution yields total confidentiality, integrity, and availability impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.
AnalysisAI
Root-level OS command injection in Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8) small-business routers lets an authenticated remote attacker run arbitrary commands via the unsanitized model_name parameter in the httpd binary's save_syslog_to_file() function. Because injected commands run as root, successful exploitation yields full device takeover. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session with high/administrative privileges on the router's web management interface (CVSS PR:H) and network reachability to that interface; it is not remotely exploitable without valid admin credentials. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderately consistent but point to a targeted rather than mass-exploitation risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained administrator credentials (via phishing, credential reuse, default passwords, or a chained auth bypass) logs into the router's web management interface, which is reachable over the network. They set the model_name configuration parameter to a value containing shell metacharacters and trigger the syslog-to-file save operation, causing the httpd process to execute their injected commands as root. … |
| Remediation | No vendor-released patch identified at time of analysis, and the Cisco RV130/RV130W and RV110W are end-of-life small-business platforms for which fixes may not be forthcoming - plan for replacement with a supported router as the durable fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Conduct immediate inventory of all Cisco RV130/RV130W/RV110W deployments; restrict administrative access (SSH/web interface) to trusted IP ranges only via firewall ACLs. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Rv130 Firmware
View allA vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV1
Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Ro
Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Ro
An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with
An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with f
Root-level OS command injection in Cisco RV130, RV130W, and RV110W small-business routers lets an authenticated remote a
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42290
GHSA-pv42-mgvv-jhv9