First published: Wed Sep 05 2018(Updated: )
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Rv110w Firmware | <=1.2.1.7 | |
Cisco RV110W Wireless-N VPN Firewall | ||
Cisco Rv130w Firmware | <1.0.3.44 | |
Cisco RV130W | ||
Cisco Rv215w Firmware | <=1.3.0.8 | |
Cisco RV215W Wireless-N VPN Router |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability CVE-2018-0425 is a vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.
The severity of CVE-2018-0425 is critical with a severity value of 9.8.
CVE-2018-0425 allows an unauthenticated, remote attacker to gain access to sensitive information.
The Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router are affected by CVE-2018-0425.
Yes, Cisco has released firmware updates to address the vulnerability CVE-2018-0425. Please refer to the Cisco Security Advisory for more information.