Cisco RV110/RV130/RV215 Unauthenticated Configuration Export Vulnerability (CVE-2019-1663)

Summary:

The management interfaces of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router are prone to unauthenticated remote code execution. The vulnerability is caused by improper validation of user-supplied data in the web-based management interface.

Description:

For Cisco RV110/RV130/RV215, the web-based management interface is available through a local LAN connection or the remote management feature. A user with administrator rights can open the web-based management interface and choose Basic Settings > Remote Management to check whether remote management is enabled for the device.

At Qualys Labs, we have created QID# 13430 to address this vulnerability.

A PoC is available. According to the PoC, the signature checks the main GET request to the page for the string router.appname="RVxxxW Wireless-AC VPN Firewall"; that identifies the router. This applies to all the affected products listed below that fall under CVE-2019-1663.

Affected Products:

  • Cisco RV110W Wireless-N VPN Firewall
  • Cisco RV130W Wireless-N Multifunction VPN Router
  • Cisco RV215W Wireless-N VPN Router

Advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex

Mitigation:

Cisco fixed this vulnerability in the following releases:

  • RV110W Wireless-N VPN Firewall: 1.2.2.1
  • RV130W Wireless-N Multifunction VPN Router: 1.0.3.45
  • RV215W Wireless-N VPN Router: 1.3.1.1

Qualys customers can scan their network with QID#13430 to detect vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage of vulnerabilities.
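For asset triage, the router.appname fingerprint and the fixed releases above can be combined as follows. This is an added example, not Qualys' QID logic or code from the PoC; the page-body format, the function names and the rule that any release below the fixed one is vulnerable are assumptions, and the sample body is constructed.

```python
import re

# Fixed releases as listed in the Mitigation section of this page.
FIXED = {
    "RV110W": (1, 2, 2, 1),
    "RV130W": (1, 0, 3, 45),
    "RV215W": (1, 3, 1, 1),
}

# Matches the fingerprint string the signature looks for, e.g.
# router.appname="RV130W Wireless-N Multifunction VPN Router";
APPNAME_RE = re.compile(r'router\.appname\s*=\s*"(RV\d{3}W)\b[^"]*"')


def model_from_page(body):
    """Return the RVxxxW model named in a saved management page, or None."""
    m = APPNAME_RE.search(body)
    return m.group(1) if m else None


def parse_version(text):
    """Turn a dotted firmware version such as '1.0.3.44' into a tuple."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(body, firmware):
    """Classify one asset from its saved page body and inventory firmware."""
    model = model_from_page(body)
    if model is None or model not in FIXED:
        return "not-affected-model"
    # Assumption: every release numerically below the fixed one is vulnerable.
    if parse_version(firmware) < FIXED[model]:
        fixed = ".".join(map(str, FIXED[model]))
        return f"{model}: vulnerable, upgrade to {fixed}"
    return f"{model}: fixed"


# Constructed sample page body (not captured from a real device).
SAMPLE = ('<script>var router={}; '
          'router.appname="RV130W Wireless-N Multifunction VPN Router";</script>')

if __name__ == "__main__":
    print(assess(SAMPLE, "1.0.3.44"))
    print(assess(SAMPLE, "1.0.3.45"))
```

Versions are compared as integer tuples, so a release such as 1.2.10.0 is correctly ordered after 1.2.2.1, which a plain string comparison would get wrong.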

References & Sources:

  • https://packetstormsecurity.com/files/152507/Cisco-RV130W-Routers-Management-Interface-Remote-Command-Execution.html
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1663
