Back to CVE Browser

CVE-2014-2177

CRITICAL

9.0

CVSS Severity Score

EPSS Score0.1810%

EPSS Percentile25.39th

PublishedNov 7, 2014

Last ModifiedMay 6, 2026

Vulnerability Description

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.

Affected Platforms (CPE)

💻

Cisco

Rv120w Firmware

<= 1.0.5.8

🔌

Cisco

Rv120w

All versions

💻

Cisco

Rv220w Firmware

<= 1.0.5.8

🔌

Cisco

Rv220w

All versions

💻

Cisco

Rv180 Firmware

<= 1.0.3.10

🔌

Cisco

Rv180

All versions

🔌

Cisco

Rv180w

All versions

References & Advisories

🔗 http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html

🔗 http://seclists.org/fulldisclosure/2014/Nov/6

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

🔗 http://www.securityfocus.com/archive/1/533917/100/0/threaded

🔗 http://www.securitytracker.com/id/1031171

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/98497

🔗 http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html

🔗 http://seclists.org/fulldisclosure/2014/Nov/6

Related Vulnerabilities

CVE-2014-21786.8

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devi...

CVE-2014-21795.0

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices ...

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...