Multiple vulnerabilities in Cisco Small Business RV320 and RV325 Routers



Published: 2019-01-24
Severity Low
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2019-1653
CVE-2019-1652
CWE ID CWE-200
CWE-77
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
Small Business RV325 Dual Gigabit WAN VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Small Business RV320 Dual Gigabit WAN VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Cisco Systems, Inc

Security Advisory

1) Information disclosure

Severity: Low

CVSSv3: 6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-1653

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper access controls for URLs. A remote attacker can connect to an affected device via HTTP or HTTPS and requesting specific URLs  to download the router configuration or detailed diagnostic information.

Mitigation

Update the affected firmware to version 1.4.2.19.

Vulnerable software versions

Small Business RV325 Dual Gigabit WAN VPN Router: 1.4.2.15, 1.4.2.17

Small Business RV320 Dual Gigabit WAN VPN Router: 1.4.2.15, 1.4.2.17

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Command injection

Severity: Low

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-1652

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary commands.

The vulnerability exists due to improper validation of user-supplied input. A remote attacker can send malicious HTTP POST requests to the web-based management interface and execute arbitrary commands on the underlying Linux shell as root.

Mitigation

Update the affected firmware to version 1.4.2.20.

Vulnerable software versions

Small Business RV325 Dual Gigabit WAN VPN Router: 1.4.2.15, 1.4.2.16, 1.4.2.17, 1.4.2.18, 1.4.2.19

Small Business RV320 Dual Gigabit WAN VPN Router: 1.4.2.15, 1.4.2.16, 1.4.2.17, 1.4.2.18, 1.4.2.19

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.