PT-2019-1227 · Cisco · Cisco Small Business Rv325+1

Published 2019-01-23 · Updated 2026-03-10 · CVE-2019-1653

CVSS v3.1 7.5 High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers (affected versions not specified)

Description

A vulnerability in the web-based management interface of the routers could allow an unauthenticated, remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs, potentially allowing them to download the router configuration or detailed diagnostic information.

Recommendations

For Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers, update to the latest firmware version released by Cisco to address this vulnerability. As a temporary workaround, consider restricting access to the web-based management interface until a patch is applied. Avoid using HTTP or HTTPS to connect to the device until the issue is resolved, if possible. At the moment, there is no information about specific steps to mitigate the vulnerability beyond updating the firmware.

Exploit

Fix

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2019-00340
CVE-2019-1653

Affected Products

Cisco Small Business Rv320
Cisco Small Business Rv325