ID
VAR-201601-0003
CVE
CVE-2015-6319
TITLE
Cisco RV220W SQL Injection Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2016-00789 //
CNNVD: CNNVD-201601-654
DESCRIPTION
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574. The Cisco RV220W is a wireless VPN firewall router product from Cisco Systems, USA. Cisco RV220W devices are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCuv29574
Trust: 2.52
sources:
NVD: CVE-2015-6319 //
JVNDB: JVNDB-2015-006879 //
CNVD: CNVD-2016-00789 //
BID: 82024 //
VULHUB: VHN-84280
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-00789
AFFECTED PRODUCTS
| vendor: | sun | model: | opensolaris | scope: | eq | version: | snv_124 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.0.30 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.5.8 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.6.6 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.4.10 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.0.2 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.4.14 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.2.0.2 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.5.6 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.2.6 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.1.0.9 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.1.9 | Trust: 1.0 |
| vendor: | cisco | model: | rv series router | scope: | eq | version: | 1.0.3.10 | Trust: 1.0 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | lt | version: | 1.0.7.2 | Trust: 0.8 |
| vendor: | cisco | model: | rv220w | scope: | lt | version: | 1.0.7.2 | Trust: 0.6 |
| vendor: | cisco | model: | wrv200 wireless-g vpn router - rangebooster | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | rv320 dual gigabit wan vpn router | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | wrvs4400n wireless-n gigabit security router - vpn v2.0 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | wrv210 wireless-g vpn router - rangebooster | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | rv042g dual gigabit wan vpn router | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | rv325 dual wan gigabit vpn router | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | rv082 dual wan vpn router | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | rv042 dual wan vpn router | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | rv110w wireless-n vpn firewall | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | eq | version: | 1.0.310 | Trust: 0.3 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | eq | version: | 1.0.26 | Trust: 0.3 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | eq | version: | 1.0.19 | Trust: 0.3 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | eq | version: | 1.030 | Trust: 0.3 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | eq | version: | 1.02 | Trust: 0.3 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | eq | version: | 1.0.6.6 | Trust: 0.3 |
| vendor: | cisco | model: | rv220w wireless network security firewall | scope: | ne | version: | 1.0.7.2 | Trust: 0.3 |
sources:
CNVD: CNVD-2016-00789 //
BID: 82024 //
JVNDB: JVNDB-2015-006879 //
CNNVD: CNNVD-201601-654 //
NVD: CVE-2015-6319
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2016-00789 //
VULHUB: VHN-84280 //
JVNDB: JVNDB-2015-006879 //
CNNVD: CNNVD-201601-654 //
NVD: CVE-2015-6319
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.9 |
sources:
VULHUB: VHN-84280 //
JVNDB: JVNDB-2015-006879 //
NVD: CVE-2015-6319
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201601-654
TYPE
SQL injection
Trust: 0.6
sources:
CNNVD: CNNVD-201601-654
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-006879
PATCH
| title: | cisco-sa-20160127-rv220 | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 | Trust: 0.8 |
| title: | CiscoRV220WSQL Injection Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/71083 | Trust: 0.6 |
| title: | Cisco RV220W SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59965 | Trust: 0.6 |
sources:
CNVD: CNVD-2016-00789 //
JVNDB: JVNDB-2015-006879 //
CNNVD: CNNVD-201601-654
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6319 | Trust: 3.4 |
| db: | SECTRACK | id: | 1034830 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-006879 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201601-654 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-00789 | Trust: 0.6 |
| db: | BID | id: | 82024 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-84280 | Trust: 0.1 |
sources:
CNVD: CNVD-2016-00789 //
VULHUB: VHN-84280 //
BID: 82024 //
JVNDB: JVNDB-2015-006879 //
CNNVD: CNNVD-201601-654 //
NVD: CVE-2015-6319
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160127-rv220 | Trust: 2.6 |
| url: | http://www.securitytracker.com/id/1034830 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6319 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6319 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
sources:
CNVD: CNVD-2016-00789 //
VULHUB: VHN-84280 //
BID: 82024 //
JVNDB: JVNDB-2015-006879 //
CNNVD: CNNVD-201601-654 //
NVD: CVE-2015-6319
CREDITS
Cisco
Trust: 0.3
sources:
BID: 82024
SOURCES
| db: | CNVD | id: | CNVD-2016-00789 |
| db: | VULHUB | id: | VHN-84280 |
| db: | BID | id: | 82024 |
| db: | JVNDB | id: | JVNDB-2015-006879 |
| db: | CNNVD | id: | CNNVD-201601-654 |
| db: | NVD | id: | CVE-2015-6319 |
LAST UPDATE DATE
2024-11-23T22:13:21.366000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-00789 | date: | 2016-02-03T00:00:00 |
| db: | VULHUB | id: | VHN-84280 | date: | 2016-12-07T00:00:00 |
| db: | BID | id: | 82024 | date: | 2016-01-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-006879 | date: | 2016-02-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201601-654 | date: | 2016-01-28T00:00:00 |
| db: | NVD | id: | CVE-2015-6319 | date: | 2024-11-21T02:34:46.617 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-00789 | date: | 2016-02-03T00:00:00 |
| db: | VULHUB | id: | VHN-84280 | date: | 2016-01-27T00:00:00 |
| db: | BID | id: | 82024 | date: | 2016-01-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-006879 | date: | 2016-02-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201601-654 | date: | 2016-01-28T00:00:00 |
| db: | NVD | id: | CVE-2015-6319 | date: | 2016-01-27T22:59:00.100 |