==================================================================== CERT-Renater Note d'Information No. 2018/VULN267 _____________________________________________________________________ DATE : 06/09/2018 HARDWARE PLATFORM(S): Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, Cisco RV215W Wireless-N VPN Router. OPERATING SYSTEM(S): Cisco RV110W Wireless-N VPN Firewall firmware, Cisco RV130W Wireless-N Multifunction VPN Routerfirmware, Cisco RV215W Wireless-N VPN Router firmware. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure _____________________________________________________________________ Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability Advisory ID: cisco-sa-20180905-rv-routers-overflow Revision: 1.0 For Public Release: 2018 September 5 16:00 GMT Last Updated: 2018 September 5 16:00 GMT CVE ID(s): CVE-2018-0423 CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow"] _____________________________________________________________________ Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability Advisory ID: cisco-sa-20180905-rv-routers-injection Revision: 1.0 For Public Release: 2018 September 5 16:00 GMT Last Updated: 2018 September 5 16:00 GMT CVE ID(s): CVE-2018-0424 CVSS Score v(3): 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection"] _____________________________________________________________________ Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability Advisory ID: cisco-sa-20180905-rv-routers-traversal Revision: 1.0 For Public Release: 2018 September 5 16:00 GMT Last Updated: 2018 September 5 16:00 GMT CVE ID(s): CVE-2018-0426 CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N +--------------------------------------------------------------------- Summary ======= A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal"] _____________________________________________________________________ Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability Advisory ID: cisco-sa-20180905-rv-routers-disclosure Revision: 1.0 For Public Release: 2018 September 5 16:00 GMT Last Updated: 2018 September 5 16:00 GMT CVE ID(s): CVE-2018-0425 CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N +--------------------------------------------------------------------- Summary ======= A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================