—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability

Advisory ID: cisco-sa-20180207-rv13x

Revision: 1.0

For Public Release: 2018 February 7 16:00 GMT

Last Updated: 2018 February 7 16:00 GMT

CVE ID(s): CVE-2018-0125

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary
=======
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition.

Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJaeyP7XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcziZcP/RxM10X5DYgfH4ZDx2jB4+UKmoxH
SMlLfa7qgCPjnRDSN1hkquHa7NL7jAEfzwTyMU22oY23wyvF5wfHQ/Tm2oQHJkeB
4PWK0YJ+6/MVSXQZTyAfbZwn1r5pRtGSUqZlLxmU9DnBUtlrkiI6nNeeDyVNcx58
ULoqw+e1+Q/pUb3ah99GvxxAja8Vu1AeHjlntmWZfGMQu5O/N8XP5QmkqrQfDr7E
uNt9yEpx4oXZ/nTLIQ27O9MFABXceAxMqDuri2KhB7jTN1EOZ6L/qdJUCgO8weJm
NPVmqg6/SE0CJeX3g61wgJS/NnECQ8bVq01dtQJtRixULteNvCgoLgtmQeYz5XB8
HY3/JX1XFEWCy8KQKFXIedmEu16JZbOiH2tLh9WVfelH07KttBzplsh6T4MFXChJ
nOieSoqduI0Nnwq49daiYV6fe3HxpFIPVmjWIdRxGoNTifDVMDbrJV5+23gqn3nL
qD8p7xVw8d97HvFtOD3NboBUbZKaImRNArETe86hK/SmfZ4Rhe1wn4nJoidc9J7a
MoNvFmpakMFUTHeX6sGhqpJFT0zQEDFRipS18Bv9iNR8+ZSCz9jdx48PXMJ1rszN
lCLj/C9rzOjaau3qdcqzInrmMySKLnTeYrD+Ax63JLoWZ+1Pvo/C9xj2SGP1kBtO
KlfFmKzljvMT/95D
=8fDd
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com