CVE-2015-6319

SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:h:cisco:rv016_multi-wan_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv082_dual_wan_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv120w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv130_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv180_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv320_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv325_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv325_dual_wan_gigabit_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rvl200_4-port_ssl_ipsec_vpn_router:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rvs4000_4-port_gigabit_security_router_-_vpn:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wrv200_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wrv210_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wrvs4400n_wireless-n_gigabit_security_router_-_vpn_v2.0:*:*:*:*:*:*:*:*
OR cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.30:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.1.9:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.2.6:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.3.10:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.10:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.6:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.8:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.0.6.6:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.1.0.9:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv_series_router_firmware:1.2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*

History

21 Nov 2024, 02:34

Type Values Removed Values Added
References () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 - Vendor Advisory
References () http://www.securitytracker.com/id/1034830 - () http://www.securitytracker.com/id/1034830 -

Information

Published : 2016-01-27 22:59

Updated : 2024-11-21 02:34


NVD link : CVE-2015-6319

Mitre link : CVE-2015-6319

CVE.ORG link : CVE-2015-6319


JSON object : View

Products Affected

cisco

  • rv016_multi-wan_vpn_router
  • wrv200_wireless-g_vpn_router_-_rangebooster
  • wrv210_wireless-g_vpn_router_-_rangebooster
  • rv215w_wireless-n_vpn_router
  • rv320_dual_gigabit_wan_vpn_router
  • rv130_vpn_router
  • rv325_dual_wan_gigabit_vpn_router
  • rv325_dual_gigabit_wan_wf_vpn_router
  • rv180w_wireless-n_multifunction_vpn_router
  • rvl200_4-port_ssl_ipsec_vpn_router
  • rv130w_wireless-n_multifunction_vpn_router
  • rv042_dual_wan_vpn_router
  • rv042g_dual_gigabit_wan_vpn_router
  • rv180_vpn_router
  • rv120w_wireless-n_vpn_firewall
  • rv220w_wireless_network_security_firewall
  • rv320_dual_gigabit_wan_wf_vpn_router
  • rv_series_router_firmware
  • rv110w_wireless-n_vpn_firewall
  • rv082_dual_wan_vpn_router
  • rvs4000_4-port_gigabit_security_router_-_vpn
  • wrvs4400n_wireless-n_gigabit_security_router_-_vpn_v2.0

sun

  • opensolaris
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')