CVE-2019-1653 HIGH

CVE-2019-1653: Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

Vendor Cisco

Product Cisco Small Business RV Series Router Firmware

Weakness CWE-284

KEV Status Known Exploited

Published January 24, 2019

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

January 24, 2019 CVE published

October 21, 2025 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-1653 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2019-1653

Related vulnerabilities

Identifiers

CVE CVE-2019-1653

CWE CWE-284

CVSS 7.5 / HIGH

Affected versions