CVE-2018-0424

CVE-2018-0424: Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability

Vendor Cisco
Product Cisco RV130W Wireless-N Multifunction VPN Router Firmware
Weakness CWE-77
Published October 5, 2018
Last update November 26, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

Key dates

02Disclosure timeline

October 5, 2018 CVE published
November 26, 2024 Record updated