CVE-2019-1899

Name of the Vulnerable Software and Affected Versions Cisco RV110W Wireless-N VPN Firewall versions (affected versions not specified) Cisco RV130W Wireless-N Multifunction VPN Router versions (affected versions not specified) Cisco RV215W Wireless-N VPN Router versions (affected versions not specified)

Description The issue is related to errors in the authorization procedure of the web interface management. It could allow a remote attacker to gain access to the list of devices connected to the network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this by accessing a specific URI on the web interface of the router.

Recommendations For Cisco RV110W Wireless-N VPN Firewall, update the firmware to a version that fixes the authorization procedure issue. For Cisco RV130W Wireless-N Multifunction VPN Router, update the firmware to a version that fixes the authorization procedure issue. For Cisco RV215W Wireless-N VPN Router, update the firmware to a version that fixes the authorization procedure issue. As a temporary workaround, consider restricting access to the web interface of the routers to minimize the risk of exploitation.