First published: Wed Jul 15 2020(Updated: )
A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Rv110w Firmware | <1.2.2.8 | |
Cisco RV110W | ||
Cisco Rv215w Firmware | <1.3.1.7 | |
Cisco RV215W |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.