Vulnerability Details : CVE-2018-0423

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.
Publish Date : 2018-10-05 Last Update Date : 2019-10-09

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	9.3
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute CodeOverflow
CWE ID	119

- Products Affected By CVE-2018-0423

#	Product Type	Vendor	Product
1	OS	Cisco	Rv110w Firmware	Version Details Vulnerabilities
2	OS	Cisco	Rv130w Firmware	Version Details Vulnerabilities
3	OS	Cisco	Rv215w Firmware	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Cisco	Rv110w Firmware	1
Cisco	Rv130w Firmware	1
Cisco	Rv215w Firmware	1

- References For CVE-2018-0423

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow
CISCO 20180905 Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability

http://www.securitytracker.com/id/1041675
SECTRACK 1041675

http://www.securityfocus.com/bid/105285
BID 105285 Cisco RV110W/RV130W/RV215W Routers Management Interface CVE-2018-0423 Buffer Overflow Vulnerability Release Date:2018-09-05

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Cisco Rv110w Firmware	Cisco Rv110w
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Cisco Rv130w Firmware	Cisco Rv130w
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Cisco Rv215w Firmware	Cisco Rv215w

- Metasploit Modules Related To CVE-2018-0423

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)