7.5
CVE-2019-1653
- EPSS 94.38%
- Veröffentlicht 24.01.2019 16:29:00
- Zuletzt bearbeitet 28.10.2025 13:57:57
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Rv320 Firmware Version1.4.2.15
Cisco ≫ Rv320 Firmware Version1.4.2.17
Cisco ≫ Rv325 Firmware Version1.4.2.15
Cisco ≫ Rv325 Firmware Version1.4.2.17
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
SchwachstelleCisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.38% | 1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@cisco.com | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.