Computer Security
[EN] securityvulns.ru no-pyccku


Cisco RV multiple security vulnerabilities
Published:10.11.2014
Source:
SecurityVulns ID:14082
Type:remote
Threat Level:
6/10
Description:Files access, code execution, crossite scripting.
Affected:CISCO : Cisco RV220W
CVE:CVE-2014-2179 (The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.)
 CVE-2014-2178 (Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.)
 CVE-2014-2177 (The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.)
Original documentdocumentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers (10.11.2014)
 documentSecurify B.V., Cisco RV Series multiple vulnerabilities (10.11.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod