Описание
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Одновременно
Одновременно
Одновременно
EPSS
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.
Уязвимость микропрограммного обеспечения веб-интерфейса управления брандмауэра Cisco RV110W Wireless-N VPN и многофункциональных VPN-маршрутизаторов Cisco RV130W Wireless-N и Cisco RV215W Wireless-N VPN, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
9.8 Critical
CVSS3
5 Medium
CVSS2