#VU17194 Information disclosure in Small Business RV325 Dual Gigabit WAN VPN Router and Small Business RV320 Dual Gigabit WAN VPN Router - CVE-2019-1653
Published: January 23, 2019 / Updated: October 9, 2021
Vulnerability identifier: #VU17194
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2019-1653
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Small Business RV325 Dual Gigabit WAN VPN Router
Small Business RV320 Dual Gigabit WAN VPN Router
Small Business RV325 Dual Gigabit WAN VPN Router
Small Business RV320 Dual Gigabit WAN VPN Router
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to improper access controls for URLs. A remote attacker can connect to an affected device via HTTP or HTTPS and requesting specific URLs to download the router configuration or detailed diagnostic information.
Remediation
Update the affected firmware to version 1.4.2.19.