First published: Thu Apr 04 2019(Updated: )
A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service. The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information.This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Rv320 Firmware | <1.4.2.22 | |
Cisco RV320 | ||
Cisco Rv325 Firmware | <1.4.2.22 | |
Cisco RV325 | ||
All of | ||
Cisco Rv320 Firmware | <1.4.2.22 | |
Cisco RV320 | ||
All of | ||
Cisco Rv325 Firmware | <1.4.2.22 | |
Cisco RV325 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-1827.
The severity level of CVE-2019-1827 is medium (6.1).
The vulnerability occurs due to a reflected cross-site scripting (XSS) attack against a user of the service.
Versions up to exclusive 1.4.2.22 of Cisco Rv320 Firmware are affected by CVE-2019-1827.
To fix this vulnerability, it is recommended to upgrade to a version of Cisco Rv320 Firmware or Cisco Rv325 Firmware that is higher than 1.4.2.22.