Multiple vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers



Published: 2020-07-22
Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2020-3323, CVE-2020-3150, CVE-2020-3331, CVE-2020-3330
CWE-ID: CWE-119, CWE-285, CWE-798
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
RV110W Wireless-N VPN Firewall
Hardware solutions / Routers for home users

Cisco Small Business RV130 Series VPN Routers
Hardware solutions / Routers for home users

RV130W Wireless-N Multifunction VPN Router
Hardware solutions / Routers for home users

RV215W Wireless-N VPN Router
Hardware solutions / Routers for home users

Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU31753

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3323

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote attacker can send a specially crafted HTTP request, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.5

Cisco Small Business RV130 Series VPN Routers: 1.0.0.21 - 1.2.2.8

RV130W Wireless-N Multifunction VPN Router: 1.0.0.21 - 1.2.2.8

RV215W Wireless-N VPN Router: 1.3.1.4

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authorization

EUVDB-ID: #VU31754

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3150

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authorization process.

The vulnerability exists due to improper authorization of an HTTP request. A remote attacker can access a specific URI on the web-based management interface of the router and view sensitive information on the target device, but only if a valid user has opened a specific file on the device since the last reboot.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.5

RV215W Wireless-N VPN Router: 1 - 1.3.1.5

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsD


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU31756

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3331

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.5

RV215W Wireless-N VPN Router: 1.1.0.5 - 1.3.1.5

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of hard-coded credentials

EUVDB-ID: #VU31750

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3330

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain full access to the vulnerable system.

The vulnerability exists due to the presence of hard-coded credentials in the application code of the Telnet service. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Cisco Small Business RV130 Series VPN Routers: 1.2.2.5

RV130W Wireless-N Multifunction VPN Router: 1.2.2.5

RV215W Wireless-N VPN Router: 1.2.2.5

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


