The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 02:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html - | |
References | () http://seclists.org/fulldisclosure/2014/Nov/6 - | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/533917/100/0/threaded - | |
References | () http://www.securitytracker.com/id/1031171 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/98497 - |
Information
Published : 2014-11-07 11:55
Updated : 2024-11-21 02:05
NVD link : CVE-2014-2177
Mitre link : CVE-2014-2177
CVE.ORG link : CVE-2014-2177
JSON object : View
Products Affected
cisco
- rv120w_firmware
- rv180w
- rv180
- rv220w_firmware
- rv180_firmware
- rv220w
- rv120w
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')