PT-2016-2602 · Cisco · Cisco Rv215W+2

Rysh

Published

2016-08-08

Updated

2018-12-15

CVE-2015-6396

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco RV110W version not specified Cisco RV130W version not specified Cisco RV215W version not specified

Description The issue allows local users to execute arbitrary shell commands as an administrator via crafted parameters. This is due to the failure to neutralize special elements used in the operating system command.

Recommendations For Cisco RV110W, update to a version that fixes the issue. For Cisco RV130W, update to a version that fixes the issue. For Cisco RV215W, update to a version that fixes the issue.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2016-01994

CVE-2015-6396

Affected Products

Cisco Rv110W

Cisco Rv130W

Cisco Rv215W

PT-2016-2602 · Cisco · Cisco Rv215W+2

CVE-2015-6396

Weakness Enumeration

Related Identifiers

Affected Products

References · 6