CVE-2019-15271: Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability
First published: Tue Nov 26 2019(Updated: )
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
Credit: ykramarz@cisco.com psirt@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco RV series router firmware | ||
| All of | ||
| Cisco RV016 multi-wan vpn firmware | <4.2.3.10 | |
| Cisco RV016 Multi-WAN VPN | ||
| All of | ||
| Cisco RV042 Dual WAN VPN Router | <4.2.3.10 | |
| Cisco RV042 Dual WAN VPN Router | ||
| All of | ||
| Cisco RV042G dual gigabit wan vpn firmware | <4.2.3.10 | |
| Cisco RV042G | ||
| All of | ||
| Cisco RV082 Dual WAN VPN Router Firmware | <4.2.3.10 | |
| Cisco RV082 Dual WAN VPN Router | ||
| Cisco RV016 multi-wan vpn firmware | <4.2.3.10 | |
| Cisco RV016 Multi-WAN VPN | ||
| Cisco RV042 Dual WAN VPN Router | <4.2.3.10 | |
| Cisco RV042 Dual WAN VPN Router | ||
| Cisco RV042G dual gigabit wan vpn firmware | <4.2.3.10 | |
| Cisco RV042G | ||
| Cisco RV082 Dual WAN VPN Router Firmware | <4.2.3.10 | |
| Cisco RV082 Dual WAN VPN Router |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-15271?
CVE-2019-15271 is a vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers.
How does CVE-2019-15271 impact Cisco RV Series Routers?
CVE-2019-15271 allows an authenticated, remote attacker to execute arbitrary commands with root privileges on affected Cisco RV Series Routers.
Who can exploit CVE-2019-15271?
An attacker with either a valid credential or an active session token can exploit CVE-2019-15271.
What is the severity of CVE-2019-15271?
CVE-2019-15271 has a severity rating of 8.8 (Critical).
How can I fix the vulnerability CVE-2019-15271?
To fix CVE-2019-15271, users should follow the guidelines provided by Cisco in their security advisory.
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- vendor/cisco
- canonical/cisco rv series router firmware
- canonical/cisco rv016 multi-wan vpn firmware
- canonical/cisco rv016 multi-wan vpn
- canonical/cisco rv042 dual wan vpn router
- canonical/cisco rv042g dual gigabit wan vpn firmware
- canonical/cisco rv042g
- canonical/cisco rv082 dual wan vpn router firmware
- canonical/cisco rv082 dual wan vpn router