PT-2016-2274 · Cisco · Cisco Rv110W+2
Published
2016-06-19
·
Updated
2016-11-30
·
CVE-2016-1396
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco RV110W versions prior to 1.2.1.7
Cisco RV130W versions prior to 1.0.3.16
Cisco RV215W versions prior to 1.3.0.8
Description
The issue is related to a cross-site scripting (XSS) vulnerability in the web-based management interface of the affected devices. This vulnerability exists due to inadequate protection of the web page structure, allowing an attacker to inject arbitrary web script or HTML code using a specially crafted parameter.
Recommendations
For Cisco RV110W versions prior to 1.2.1.7, update to firmware version 1.2.1.7 or later.
For Cisco RV130W versions prior to 1.0.3.16, update to firmware version 1.0.3.16 or later.
For Cisco RV215W versions prior to 1.3.0.8, update to firmware version 1.3.0.8 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Rv110W
Cisco Rv130W
Cisco Rv215W