CVE-2015-6396

The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:34

Type Values Removed Values Added
References () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1 - Mitigation, Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1 - Mitigation, Vendor Advisory
References () http://www.securityfocus.com/bid/92269 - () http://www.securityfocus.com/bid/92269 -
References () http://www.securitytracker.com/id/1036528 - () http://www.securitytracker.com/id/1036528 -
References () https://www.exploit-db.com/exploits/45986/ - () https://www.exploit-db.com/exploits/45986/ -

Information

Published : 2016-08-08 00:59

Updated : 2024-11-21 02:34


NVD link : CVE-2015-6396

Mitre link : CVE-2015-6396

CVE.ORG link : CVE-2015-6396


JSON object : View

Products Affected

cisco

  • rv215w_wireless-n_vpn_router
  • rv130w_wireless-n_multifunction_vpn_router_firmware
  • rv110w_wireless-n_vpn_firewall_firmware
  • rv215w_wireless-n_vpn_router_firmware
  • rv130w_wireless-n_multifunction_vpn_router
  • rv110w_wireless-n_vpn_firewall
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')