CVE-2016-1396

Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*
OR cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.0.21:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.1.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.2.7:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*
OR cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.1.0.9:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.9:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.10:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.1.4:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*
OR cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.5:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.6:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.15:*:*:*:*:*:*:*
cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.0.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-06-19 01:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-1396

Mitre link : CVE-2016-1396

CVE.ORG link : CVE-2016-1396


JSON object : View

Products Affected

cisco

  • rv130w_wireless-n_multifunction_vpn_router_firmware
  • rv110w_wireless-n_vpn_firewall
  • rv130w_wireless-n_multifunction_vpn_router
  • rv215w_wireless-n_vpn_router_firmware
  • rv215w_wireless-n_vpn_router
  • rv110w_wireless-n_vpn_firewall_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')