CVE-2018-0425

Name of the Vulnerable Software and Affected Versions Cisco RV110W Wireless-N VPN Firewall versions (affected versions not specified) Cisco RV130W Wireless-N Multifunction VPN Router versions (affected versions not specified) Cisco RV215W Wireless-N VPN Router versions (affected versions not specified)

Description A vulnerability in the web-based management interface of the affected devices could allow an unauthenticated, remote attacker to gain access to sensitive information. The issue is due to improper access control to files within the web-based management interface. An attacker could exploit this by sending malicious requests to a targeted device, potentially gaining access to sensitive configuration information, including user authentication credentials.

Recommendations For Cisco RV110W Wireless-N VPN Firewall, restrict access to the web-based management interface until a fix is available. For Cisco RV130W Wireless-N Multifunction VPN Router, consider disabling remote access to the device's management interface as a temporary workaround. For Cisco RV215W Wireless-N VPN Router, avoid using the web-based management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.