Skip to main content

Rv130 Firmware CVE-2026-24699

| EUVDEUVD-2026-42291 HIGH
OS Command Injection (CWE-78)
2026-07-08 cve@mitre.org GHSA-g3h5-3fxg-cpq7
7.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 08, 2026 - 15:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Analysis

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2022-20923 CRITICAL
9.8 Sep 08

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and

CVE-2022-20825 CRITICAL
9.8 Jun 15

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2021-1459 CRITICAL
9.8 Apr 08

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2020-3144 CRITICAL
9.8 Jul 16

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV1

CVE-2020-3146 HIGH
8.8 Jul 16

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Ro

CVE-2020-3145 HIGH
8.8 Jul 16

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Ro

CVE-2026-24700 HIGH
7.2 Jul 08

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with

CVE-2026-24698 HIGH
7.2 Jul 08

Root-level OS command injection in Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8) small-bu

CVE-2026-24697 HIGH
7.2 Jul 08

Root-level OS command injection in Cisco RV130, RV130W, and RV110W small-business routers lets an authenticated remote a

CVE-2023-20250 HIGH
7.2 Sep 06

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers

CVE-2022-20912 HIGH
7.2 Jul 22

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W

CVE-2022-20911 HIGH
7.2 Jul 22

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W

Share

CVE-2026-24699 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy