—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability

Advisory ID: cisco-sa-20180905-rv-routers-traversal

Revision: 1.0

For Public Release: 2018 September 5 16:00 GMT

Last Updated: 2018 September 5 16:00 GMT

CVE ID(s): CVE-2018-0426

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

+———————————————————————

Summary

=======

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbkAC0XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczzP8QANTl5tPxQ0c5Of9f3Nx+mA+02bdY
U9K/FlgsVy/SKAIiynGygPl0iZ03GutReSP5Jjvldsf4bdAv75ZSJv+mjW4x/iiu
ZlKyt5mcVugOUVlVKDckAlAC3SS/w9HyeJvsAXVoaSUhbbMRyc5OONYVNYOwolIa
mWPZgPPJjGd2gn8VMUr9YEdJCV/7iXcEFqwfvh6EHVzEbLTITK026kEkl8fjSSC1
4Rm2MUYDfH9OuqYn7z5Izq0MRJYqFl1/WaadxBSg7fPAaVumFryyI7DzS4g3sEbL
ThGzIUm9SKa+19Lk2LcVw1rm90S6gZBspuD0OjXPNDqpt1YFcndqyMWWpBAcdCjp
cPJ8trb0Q5ZanveGd/D38RSjSVcZxgiqsyWQ/XH2eFYWywNBV5grknb7fAwfaapw
qy0dCyqDM4hbbh/3CZWcBawURejDc1ih9qGBbQ3E3+Kk5o4kkrtvaeB8qPkrSBRV
+ox/A3yib+zHm+1x+tCn9r2F8JhQC1BSA1HTj9D9lo/k1dPxa/APTuAgRNLOyEcd
ukKGEk1hGLa9AwEDUUhln50rh1qUG1S/8AAhiSVcqTBkgbF68FHdXiJcmN17N1y7
DZvuGnvdxlcdDgILLFk6o/vA3MetyKG/bzQ69H2hqKUEfuE4824TAdbi6Ig5+sa0
eOZBFg2QBl6BzSRr
=6iGk
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com