Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability
|
System information
|
| |
|
|
Affected software |
Cisco |
Description
|
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20RV016,%20RV042,%20RV042G,%20and%20RV082%20Routers%20Arbitrary%20Command%20Execution%20Vulnerability&vs_k=1 |
Standar resources
|
|
Property |
Value |
|
CVE |
CVE-2019-15271. |
