Main Vulnerability Database Exploits ID:1976 - Exploit for Information disclosure in Small Business RV325 Dual Gigabit WAN VPN Router and Small Business RV320 Dual Gigabit WAN VPN Router - CVE-2019-1653

ID:1976 - Exploit for Information disclosure in Small Business RV325 Dual Gigabit WAN VPN Router and Small Business RV320 Dual Gigabit WAN VPN Router - CVE-2019-1653

Published: March 18, 2020

Vulnerability identifier: #VU17194

Vulnerability risk: Low

CVE-ID: CVE-2019-1653

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
Small Business RV325 Dual Gigabit WAN VPN Router
Small Business RV320 Dual Gigabit WAN VPN Router

Link to public exploit:

https://github.com/0x27/CiscoRV320Dump

Vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper access controls for URLs. A remote attacker can connect to an affected device via HTTP or HTTPS and requesting specific URLs to download the router configuration or detailed diagnostic information.

Remediation

Update the affected firmware to version 1.4.2.19.

ID:1976 - Exploit for Information disclosure in Small Business RV325 Dual Gigabit WAN VPN Router and Small Business RV320 Dual Gigabit WAN VPN Router - CVE-2019-1653

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human