First published: Tue Nov 26 2019(Updated: )
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Rv016 Multi-wan Vpn Firmware | <4.2.3.10 | |
Cisco Rv016 Multi-wan Vpn | ||
Cisco Rv042 Dual Wan Vpn Firmware | <4.2.3.10 | |
Cisco Rv042 Dual Wan Vpn | ||
Cisco Rv042g Dual Gigabit Wan Vpn Firmware | <4.2.3.10 | |
Cisco Rv042g Dual Gigabit Wan Vpn | ||
Cisco Rv082 Dual Wan Vpn Firmware | <4.2.3.10 | |
Cisco Rv082 Dual Wan Vpn |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15990 is a vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers, which could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface.
An attacker can exploit CVE-2019-15990 by sending a specially crafted HTTP request to the vulnerable web-based management interface.
CVE-2019-15990 has a severity level of 5.3, which is considered medium.
Cisco Rv016 Multi-wan Vpn Firmware, Cisco Rv042 Dual Wan Vpn Firmware, Cisco Rv042g Dual Gigabit Wan Vpn Firmware, and Cisco Rv082 Dual Wan Vpn Firmware (up to version 4.2.3.10) are affected by CVE-2019-15990.
To fix the vulnerability CVE-2019-15990, Cisco has released software updates. Please refer to the Cisco Security Advisory for more information.