Multiple vulnerabilities in Cisco Small Business RV320 and RV325 Routers
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-1653 CVE-2019-1652 |
| CWE-ID | CWE-200 CWE-77 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. |
| Vulnerable software |
Small Business RV325 Dual Gigabit WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc Small Business RV320 Dual Gigabit WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU17194
Risk: Low
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2019-1653
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to improper access controls for URLs. A remote attacker can connect to an affected device via HTTP or HTTPS and requesting specific URLs to download the router configuration or detailed diagnostic information.
MitigationUpdate the affected firmware to version 1.4.2.19.
Vulnerable software versionsSmall Business RV325 Dual Gigabit WAN VPN Router: 1.4.2.15 - 1.4.2.17
Small Business RV320 Dual Gigabit WAN VPN Router: 1.4.2.15 - 1.4.2.17
CPE2.3- cpe:2.3:h:cisco_systems:small_business_rv325_dual_gigabit_wan_vpn_router:1.4.2.15:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:small_business_rv325_dual_gigabit_wan_vpn_router:1.4.2.17:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:small_business_rv320_dual_gigabit_wan_vpn_router:1.4.2.15:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:small_business_rv320_dual_gigabit_wan_vpn_router:1.4.2.17:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Command injection
EUVDB-ID: #VU17195
Risk: Low
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2019-1652
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary commands.
The vulnerability exists due to improper validation of user-supplied input. A remote attacker can send malicious HTTP POST requests to the web-based management interface and execute arbitrary commands on the underlying Linux shell as root.
MitigationUpdate the affected firmware to version 1.4.2.20.
Vulnerable software versionsSmall Business RV325 Dual Gigabit WAN VPN Router: 1.4.2.15 - 1.4.2.19
Small Business RV320 Dual Gigabit WAN VPN Router: 1.4.2.15 - 1.4.2.19
CPE2.3- cpe:2.3:h:cisco_systems:small_business_rv325_dual_gigabit_wan_vpn_router:1.4.2.15:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:small_business_rv325_dual_gigabit_wan_vpn_router:1.4.2.16:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:small_business_rv325_dual_gigabit_wan_vpn_router:1.4.2.17:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:small_business_rv320_dual_gigabit_wan_vpn_router:1.4.2.15:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:small_business_rv320_dual_gigabit_wan_vpn_router:1.4.2.16:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:small_business_rv320_dual_gigabit_wan_vpn_router:1.4.2.17:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
