First published: Thu Jan 24 2019
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Rv320 Firmware | =1.4.2.15 | |
Cisco Rv320 Firmware | =1.4.2.17 | |
Cisco RV320 | | |
Cisco Rv325 Firmware | =1.4.2.15 | |
Cisco Rv325 Firmware | =1.4.2.17 | |
Cisco RV325 | | |
Cisco Small Business RV320 and RV325 Routers | | |
CVE-2019-1653 is a vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers.
CVE-2019-1653 allows an unauthenticated, remote attacker to retrieve sensitive information due to improper access controls for URLs.
CVE-2019-1653 has a severity score of 7.5 (high).
To fix CVE-2019-1653, Cisco has released firmware updates for the affected routers. It is recommended to update to the latest firmware version.
You can find more information about CVE-2019-1653 in the following references: [Reference 1](http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html), [Reference 2](http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html), [Reference 3](http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html).