CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-0405

HIGH
7.5
CVSS Severity Score
EPSS Score0.0350%
EPSS Percentile14.80th
Published2018年10月5日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.

Affected Platforms (CPE)

💻
Cisco

Rv180w Firmware

All versions
💻
Cisco

Rv220w Firmware

All versions

References & Advisories

🔗 https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019
🔗 https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019

相關漏洞威脅

CVE-2014-21779.0

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devic...

CVE-2018-04047.5

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W...

CVE-2014-21786.8

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devi...

CVE-2014-21795.0

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices ...