CVE-2019-15957

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV016 versions prior to the fixed version Cisco Small Business RV042 versions prior to the fixed version Cisco Small Business RV042G versions prior to the fixed version Cisco Small Business RV082 versions prior to the fixed version Cisco Small Business RV320 versions prior to the fixed version Cisco Small Business RV325 versions prior to the fixed version

Description The issue is related to insufficient validation of user-supplied input in the web-based management interface of certain Cisco Small Business RV Series Routers. This allows an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system, which are executed with root privileges. An attacker could exploit this by providing malicious input to a specific field in the web-based management interface of an affected device, potentially allowing the execution of arbitrary commands on the underlying Linux operating system as the root user.

Recommendations For Cisco Small Business RV016, update to a version that contains a fix for this issue. For Cisco Small Business RV042, update to a version that contains a fix for this issue. For Cisco Small Business RV042G, update to a version that contains a fix for this issue. For Cisco Small Business RV082, update to a version that contains a fix for this issue. For Cisco Small Business RV320, update to a version that contains a fix for this issue. For Cisco Small Business RV325, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.