Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router management interface are prone to an unauthenticated, remote code execution. Improper validation of user-supplied data in the web-based management interface is the vulnerability.
For Cisco RV110/RV130/RV215 ,the web-based management interface is available through a local LAN connection or the remote management feature. One with administrator rights can open the web-based management interface and choose Basic Settings > Remote Management to check remote management is enabled for the device or not.
At, Qualys labs we have tried to generate a QID# 13430 that takes care of this vulnerability.
A POC is available. According to POC, the signature checks for the router information into the main GET request to the page that determines “router.appname=”RVxxxW Wireless-AC VPN Firewall“; “ . This implies to all the affected products mentioned below that falls under CVE-2019-1663.
- Cisco RV110W Wireless-N VPN Firewall
- Cisco RV130W Wireless-N Multifunction VPN Router
- Cisco RV215W Wireless-N VPN Router
Cisco fixed this vulnerability in the following releases:
- RV110W Wireless-N VPN Firewall: 126.96.36.199
- RV130W Wireless-N Multifunction VPN Router: 188.8.131.52
- RV215W Wireless-N VPN Router: 184.108.40.206
Qualys customers can scan their network with QID#13430 to detect vulnerable assets. Kindly continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.
References & Sources: