CyberSec.Space Logo
Back to CVE Browser

CVE-2014-2178

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1240%
EPSS Percentile39.13th
PublishedNov 7, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.

Affected Platforms (CPE)

πŸ’»
Cisco

Rv180 Firmware

<= 1.0.3.10
πŸ”Œ
Cisco

Rv180

All versions
πŸ”Œ
Cisco

Rv180w

All versions
πŸ’»
Cisco

Rv220w Firmware

<= 1.0.5.8
πŸ”Œ
Cisco

Rv220w

All versions
πŸ’»
Cisco

Rv120w Firmware

<= 1.0.5.8
πŸ”Œ
Cisco

Rv120w

All versions

References & Advisories

πŸ”— http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
πŸ”— http://seclists.org/fulldisclosure/2014/Nov/6
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
πŸ”— http://www.securityfocus.com/archive/1/533917/100/0/threaded
πŸ”— http://www.securitytracker.com/id/1031171
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/98498
πŸ”— http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
πŸ”— http://seclists.org/fulldisclosure/2014/Nov/6

Related Vulnerabilities

CVE-2014-21779.0

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devic...

CVE-2014-21795.0

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices ...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...