====================================================================

                             CERT-Renater

                  Note d'Information No. 2016/VULN255
_____________________________________________________________________

DATE                : 16/06/2016

HARDWARE PLATFORM(S): Cisco Wireless VPN Firewall/Routers RV110W,
                                     RV130W, RV215W.

OPERATING SYSTEM(S): Cisco Wireless VPN Firewall/Routers software.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv
____________________________________________________________________

Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution 
Vulnerability

Advisory ID: cisco-sa-20160615-rv

Revision 1.0

For Public Release 2016 June 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN
Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the
Cisco RV215W Wireless-N VPN Router could allow an unauthenticated,
remote attacker to execute arbitrary code as root on a targeted system.

The vulnerability is due to insufficient sanitization of HTTP
user-supplied input. An attacker could exploit this vulnerability by
sending a crafted HTTP request with custom user data. An exploit could
allow the attacker to execute arbitrary code with root-level privileges
on the affected system, which could be leveraged to conduct further
attacks.

Cisco has not released software updates that address this
vulnerability. Workarounds that mitigate this vulnerability are not
available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================