CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-2178

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1240%
EPSS Percentile39.13th
Published2014年11月7日
Last Modified2026年5月6日

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.

Affected Platforms (CPE)

💻
Cisco

Rv180 Firmware

<= 1.0.3.10
🔌
Cisco

Rv180

All versions
🔌
Cisco

Rv180w

All versions
💻
Cisco

Rv220w Firmware

<= 1.0.5.8
🔌
Cisco

Rv220w

All versions
💻
Cisco

Rv120w Firmware

<= 1.0.5.8
🔌
Cisco

Rv120w

All versions

References & Advisories

🔗 http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
🔗 http://seclists.org/fulldisclosure/2014/Nov/6
🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
🔗 http://www.securityfocus.com/archive/1/533917/100/0/threaded
🔗 http://www.securitytracker.com/id/1031171
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/98498
🔗 http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
🔗 http://seclists.org/fulldisclosure/2014/Nov/6

相關漏洞威脅

CVE-2014-21779.0

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devic...

CVE-2014-21795.0

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices ...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...