CVE-2016-1395: Input Validation
First published: Sun Jun 19 2016(Updated: )
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco RV130W Wireless-N Multifunction VPN Router | ||
| Cisco RV130W Wireless-N Multifunction VPN Router | =1.0.0.21 | |
| Cisco RV130W Wireless-N Multifunction VPN Router | =1.0.1.3 | |
| Cisco RV130W Wireless-N Multifunction VPN Router | =1.0.2.7 | |
| Cisco RV215W Wireless-N VPN Router Firmware | ||
| Silabs Wireless Smart Ubiquitous Network Linux Border Router Firmware | =1.1.0.5 | |
| Silabs Wireless Smart Ubiquitous Network Linux Border Router Firmware | =1.1.0.6 | |
| Silabs Wireless Smart Ubiquitous Network Linux Border Router Firmware | =1.2.0.14 | |
| Silabs Wireless Smart Ubiquitous Network Linux Border Router Firmware | =1.2.0.15 | |
| Silabs Wireless Smart Ubiquitous Network Linux Border Router Firmware | =1.3.0.7 | |
| Cisco Small Business RV110W Wireless-N VPN Firewall | ||
| Cisco RV110W Wireless-N VPN Firewall Firmware | =1.1.0.9 | |
| Cisco RV110W Wireless-N VPN Firewall Firmware | =1.2.0.9 | |
| Cisco RV110W Wireless-N VPN Firewall Firmware | =1.2.0.10 | |
| Cisco RV110W Wireless-N VPN Firewall Firmware | =1.2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1395?
CVE-2016-1395 is considered a high severity vulnerability that allows remote code execution.
How do I fix CVE-2016-1395?
To fix CVE-2016-1395, upgrade your Cisco RV110W, RV130W, or RV215W device to the latest firmware version provided by Cisco.
Which devices are affected by CVE-2016-1395?
CVE-2016-1395 affects Cisco RV110W, RV130W, and RV215W devices with specific firmware versions prior to their fixes.
What can attackers do with CVE-2016-1395?
Attackers can execute arbitrary code as root on vulnerable devices through crafted HTTP requests due to CVE-2016-1395.
When was CVE-2016-1395 disclosed?
CVE-2016-1395 was disclosed on June 15, 2016, and it is identified as Bug ID CSCux82428.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco rv130w wireless-n multifunction vpn router
- version/cisco rv130w wireless-n multifunction vpn router/1.0.0.21
- version/cisco rv130w wireless-n multifunction vpn router/1.0.1.3
- version/cisco rv130w wireless-n multifunction vpn router/1.0.2.7
- canonical/cisco rv215w wireless-n vpn router firmware
- canonical/silabs wireless smart ubiquitous network linux border router firmware
- version/silabs wireless smart ubiquitous network linux border router firmware/1.1.0.5
- version/silabs wireless smart ubiquitous network linux border router firmware/1.1.0.6
- version/silabs wireless smart ubiquitous network linux border router firmware/1.2.0.14
- version/silabs wireless smart ubiquitous network linux border router firmware/1.2.0.15
- version/silabs wireless smart ubiquitous network linux border router firmware/1.3.0.7
- canonical/cisco small business rv110w wireless-n vpn firewall
- canonical/cisco rv110w wireless-n vpn firewall firmware
- version/cisco rv110w wireless-n vpn firewall firmware/1.1.0.9
- version/cisco rv110w wireless-n vpn firewall firmware/1.2.0.9
- version/cisco rv110w wireless-n vpn firewall firmware/1.2.0.10
- version/cisco rv110w wireless-n vpn firewall firmware/1.2.1.4