PT-2018-1696 · Cisco · Cisco RV215W Wireless-N VPN Router +2

Published: 2018-09-05 · Updated: 2020-08-28 · CVE-2018-0424

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco RV110W Wireless-N VPN Firewall versions (affected versions not specified)
Cisco RV130W Wireless-N Multifunction VPN Router versions (affected versions not specified)
Cisco RV215W Wireless-N VPN Router versions (affected versions not specified)

Description

The issue is related to insufficient input validation in the web-based management interface of the affected devices, allowing an attacker to execute arbitrary commands with root privileges by sending specially crafted requests. The underlying flaw is improper validation of user-supplied input that the web-based management interface passes to scripts.

Recommendations

For Cisco RV110W Wireless-N VPN Firewall, update to a version that fixes the issue with improper validation of user-supplied input.
For Cisco RV130W Wireless-N Multifunction VPN Router, update to a version that fixes the issue with improper validation of user-supplied input.
For Cisco RV215W Wireless-N VPN Router, update to a version that fixes the issue with improper validation of user-supplied input.

As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.

Fix

OS Command Injection

Command Injection


Weakness Enumeration

Related Identifiers

BDU:2018-01256
CVE-2018-0424

Affected Products

Cisco RV110W Wireless-N VPN Firewall
Cisco RV130W Wireless-N Multifunction VPN Router
Cisco RV215W Wireless-N VPN Router