CVE-2019-1898

Name of the Vulnerable Software and Affected Versions Cisco RV110W Wireless-N VPN Firewall versions (affected versions not specified) Cisco RV130W Wireless-N Multifunction VPN Router versions (affected versions not specified) Cisco RV215W Wireless-N VPN Router versions (affected versions not specified)

Description The issue is related to errors in the authorization procedure of the web-based management interface, which could allow a remote attacker to access protected information. Specifically, the vulnerability is due to improper authorization of an HTTP request, allowing an unauthenticated attacker to access the syslog file on an affected device by accessing its URL.

Recommendations For Cisco RV110W Wireless-N VPN Firewall, update the firmware to a version that fixes the authorization procedure error. For Cisco RV130W Wireless-N Multifunction VPN Router, update the firmware to a version that fixes the authorization procedure error. For Cisco RV215W Wireless-N VPN Router, update the firmware to a version that fixes the authorization procedure error. As a temporary workaround, consider restricting access to the syslog file URL to minimize the risk of exploitation.