Rysh

**Name of the Vulnerable Software and Affected Versions** Cisco RV110W version not specified Cisco RV130W version not specified Cisco RV215W version not specified **Description** The issue allows local users to execute arbitrary shell commands as an administrator via crafted parameters. This is due to the failure to neutralize special elements used in the operating system command. **Recommendations** For Cisco RV110W, update to a version that fixes the issue. For Cisco RV130W, update to a version that fixes the issue. For Cisco RV215W, update to a version that fixes the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco RV110W versions 1.2.0.9 and earlier Cisco RV215W versions 1.1.0.5 and earlier Cisco CVR100W versions 1.0.1.19 and earlier **Description** The issue concerns the web management interface of certain Cisco devices, where it fails to prevent the replaying of modified authentication requests. This allows remote attackers to gain administrative access by intercepting requests. **Recommendations** For Cisco RV110W versions 1.2.0.9 and earlier, update to a version later than 1.2.0.9 to resolve the issue. For Cisco RV215W versions 1.1.0.5 and earlier, update to a version later than 1.1.0.5 to resolve the issue. For Cisco CVR100W versions 1.0.1.19 and earlier, update to a version later than 1.0.1.19 to resolve the issue.