CVE-2018-0127

Name of the Vulnerable Software and Affected Versions: Cisco RV132W ADSL2+ Wireless-N VPN Routers (affected versions not specified) Cisco RV134W VDSL2 Wireless-AC VPN Routers (affected versions not specified)

Description: A vulnerability in the web interface could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, leading to the disclosure of confidential information. This is due to the absence of user authentication requirements for certain pages that contain confidential information. An attacker could exploit this by sending a crafted HTTP request to an affected device and examining the HTTP response. A successful exploit could allow the attacker to view configuration parameters, including the administrator password.

Recommendations: For Cisco RV132W ADSL2+ Wireless-N VPN Routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco RV134W VDSL2 Wireless-AC VPN Routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.