CVE-2018-0426

Name of the Vulnerable Software and Affected Versions Cisco RV110W Wireless-N VPN Firewall versions (affected versions not specified) Cisco RV130W Wireless-N Multifunction VPN Router versions (affected versions not specified) Cisco RV215W Wireless-N VPN Router versions (affected versions not specified)

Description The issue is caused by insufficient validation of directory traversal character sequences in the web-based management interface. This could allow a remote attacker to disclose sensitive information by sending specially crafted requests. The attacker may gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.

Recommendations For Cisco RV110W Wireless-N VPN Firewall, restrict access to the web-based management interface until a fix is available. For Cisco RV130W Wireless-N Multifunction VPN Router, consider disabling the web-based management interface as a temporary workaround until a patch is available. For Cisco RV215W Wireless-N VPN Router, avoid using the web-based management interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.