Cisco RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663)


Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router management interface are prone to an unauthenticated, remote code execution. Improper validation of user-supplied data in the web-based management interface is the vulnerability.


For Cisco RV110/RV130/RV215 ,the web-based management interface is available through a local LAN connection or the remote management feature. One with administrator rights can open the web-based management interface and choose Basic Settings > Remote Management to check remote management is enabled for the device or not.

At, Qualys labs we have tried to generate a QID# 13430 that takes care of this vulnerability.

A POC is available. According to POC, the signature checks for the router information into the main GET request to the page that determines “router.appname=”RVxxxW Wireless-AC VPN Firewall“; “ . This implies to all the affected products mentioned below that falls under CVE-2019-1663.

Affected Products:

  • Cisco RV110W Wireless-N VPN Firewall
  • Cisco RV130W Wireless-N Multifunction VPN Router
  • Cisco RV215W Wireless-N VPN Router



Cisco fixed this vulnerability in the following releases:

  • RV110W Wireless-N VPN Firewall:
  • RV130W Wireless-N Multifunction VPN Router:
  • RV215W Wireless-N VPN Router:

Qualys customers can scan their network with QID#13430 to detect vulnerable assets. Kindly continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.

References & Sources:


Leave a Reply

Your email address will not be published. Required fields are marked *