CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-0426

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile29.70th
Published2018年10月5日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.

Affected Platforms (CPE)

💻
Cisco

Rv110w Firmware

<= 1.2.1.7
💻
Cisco

Rv130w Firmware

< 1.0.3.44
💻
Cisco

Rv215w Firmware

<= 1.3.0.8

References & Advisories

🔗 http://www.securitytracker.com/id/1041678
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal
🔗 http://www.securitytracker.com/id/1041678
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal

相关漏洞威胁

CVE-2014-068310.0

The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 a...

CVE-2016-13959.8

The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3...

CVE-2016-13976.5

Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with fi...

CVE-2016-13986.5

Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with f...