CVE-2018-0425: Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability
First published: Wed Sep 05 2018(Updated: )
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Rv110w Firmware | <=1.2.1.7 | |
| Cisco RV110W Wireless-N VPN Firewall | ||
| Cisco Rv130w Firmware | <1.0.3.44 | |
| Cisco RV130W | ||
| Cisco Rv215w Firmware | <=1.3.0.8 | |
| Cisco RV215W Wireless-N VPN Router |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability CVE-2018-0425?
The vulnerability CVE-2018-0425 is a vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.
What is the severity of CVE-2018-0425?
The severity of CVE-2018-0425 is critical with a severity value of 9.8.
How does CVE-2018-0425 impact the affected devices?
CVE-2018-0425 allows an unauthenticated, remote attacker to gain access to sensitive information.
Which devices are affected by CVE-2018-0425?
The Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router are affected by CVE-2018-0425.
Is there a fix available for CVE-2018-0425?
Yes, Cisco has released firmware updates to address the vulnerability CVE-2018-0425. Please refer to the Cisco Security Advisory for more information.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- vendor/cisco
- canonical/cisco rv110w firmware
- version/cisco rv110w firmware/1.2.1.7
- canonical/cisco rv110w wireless-n vpn firewall
- canonical/cisco rv130w firmware
- canonical/cisco rv130w
- canonical/cisco rv215w firmware
- version/cisco rv215w firmware/1.3.0.8
- canonical/cisco rv215w wireless-n vpn router