CVE-2019-1897

Name of the Vulnerable Software and Affected Versions Cisco RV110W Wireless-N VPN Firewall versions (affected versions not specified) Cisco RV130W Wireless-N Multifunction VPN Router versions (affected versions not specified) Cisco RV215W Wireless-N VPN Router versions (affected versions not specified)

Description The issue is related to errors in the authorization procedure of the web interface for managing Cisco RV110W, RV130W, and RV215W routers. This could allow a remote attacker to disconnect clients connected to the guest network on a vulnerable router. The vulnerability is due to improper authorization of an HTTP request, which an attacker could exploit by accessing the URL for device disconnection and providing the connected device information, potentially denying service to specific clients connected to the guest network.

Recommendations For Cisco RV110W Wireless-N VPN Firewall, update to a version that fixes the authorization procedure error in the web-based management interface. For Cisco RV130W Wireless-N Multifunction VPN Router, update to a version that fixes the authorization procedure error in the web-based management interface. For Cisco RV215W Wireless-N VPN Router, update to a version that fixes the authorization procedure error in the web-based management interface. As a temporary workaround, consider restricting access to the device disconnection URL to minimize the risk of exploitation.