Sign-up

ID

VAR-201802-0595


CVE

CVE-2018-0127


TITLE

Cisco RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Information disclosure vulnerability in routers

Trust: 0.8

sources: JVNDB: JVNDB-2018-002223

DESCRIPTION

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172. Vendors have confirmed this vulnerability Bug ID CSCvg92739 and CSCvh60172 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco RV132WADSL2+Wireless-NVPN and RV134WVDSL2Wireless-ACVPNRouters are routers of Cisco Systems of the United States. Webinterface is one of the web interfaces. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks

Trust: 2.61

sources: NVD: CVE-2018-0127 // JVNDB: JVNDB-2018-002223 // CNVD: CNVD-2018-05553 // BID: 102969 // VULHUB: VHN-118329 // VULMON: CVE-2018-0127

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05553

AFFECTED PRODUCTS

vendor:ciscomodel:rv134wscope:eqversion:1.0.0.1

Trust: 2.5

vendor:ciscomodel:rv134wscope:eqversion:1.0.1.8

Trust: 2.2

vendor:ciscomodel:rv132wscope:eqversion:1.0.1.8

Trust: 1.9

vendor:ciscomodel:rv132wscope:eqversion:1.0.0.1

Trust: 1.6

vendor:ciscomodel:rv132w adsl2+ wireless-n vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv134w vdsl2 wireless-ac vpn routerscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2018-05553 // BID: 102969 // JVNDB: JVNDB-2018-002223 // CNNVD: CNNVD-201802-272 // NVD: CVE-2018-0127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0127
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0127
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-05553
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-272
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118329
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0127
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0127
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-05553
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118329
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0127
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0127
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-05553 // VULHUB: VHN-118329 // VULMON: CVE-2018-0127 // JVNDB: JVNDB-2018-002223 // CNNVD: CNNVD-201802-272 // NVD: CVE-2018-0127

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-306

Trust: 1.1

sources: VULHUB: VHN-118329 // JVNDB: JVNDB-2018-002223 // NVD: CVE-2018-0127

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-272

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201802-272

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002223

PATCH
title:cisco-sa-20180207-rv13x_2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2
Trust: 0.8
title:Multiple Cisco Wireless VPN Routers Information Disclosure Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/121887
Trust: 0.6
title:Cisco: Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180207-rv13x_2
Trust: 0.1
title:Check Point Security Alerts: Cisco RV Routers Authentication Bypass (CVE-2018-0127)url:https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts&qid=b4503a20ade23fd61b3251b0f1387351
Trust: 0.1
title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05553 // 
            
            
            
            VULMON: CVE-2018-0127 // 
            
            
            
            JVNDB: JVNDB-2018-002223

EXTERNAL IDS
db:NVDid:CVE-2018-0127
Trust: 3.5
db:BIDid:102969
Trust: 2.7
db:SECTRACKid:1040345
Trust: 2.4
db:JVNDBid:JVNDB-2018-002223
Trust: 0.8
db:CNNVDid:CNNVD-201802-272
Trust: 0.7
db:CNVDid:CNVD-2018-05553
Trust: 0.6
db:VULHUBid:VHN-118329
Trust: 0.1
db:VULMONid:CVE-2018-0127
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05553 // 
            
            
            
            VULHUB: VHN-118329 // 
            
            
            
            VULMON: CVE-2018-0127 // 
            
            
            
            BID: 102969 // 
            
            
            
            JVNDB: JVNDB-2018-002223 // 
            
            
            
            CNNVD: CNNVD-201802-272 // 
            
            
            
            NVD: CVE-2018-0127

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-rv13x_2
Trust: 2.2
url:http://www.securityfocus.com/bid/102969
Trust: 1.8
url:http://www.securitytracker.com/id/1040345
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0127
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0127
Trust: 0.8
url:https://securitytracker.com/id/1040345
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/arpsyndicate/kenzer-templates
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05553 // 
            
            
            
            VULHUB: VHN-118329 // 
            
            
            
            VULMON: CVE-2018-0127 // 
            
            
            
            BID: 102969 // 
            
            
            
            JVNDB: JVNDB-2018-002223 // 
            
            
            
            CNNVD: CNNVD-201802-272 // 
            
            
            
            NVD: CVE-2018-0127

CREDITS
An independent security researcher.
Trust: 0.3
sources:
            
            
            BID: 102969

SOURCES
db:CNVDid:CNVD-2018-05553
db:VULHUBid:VHN-118329
db:VULMONid:CVE-2018-0127
db:BIDid:102969
db:JVNDBid:JVNDB-2018-002223
db:CNNVDid:CNNVD-201802-272
db:NVDid:CVE-2018-0127

LAST UPDATE DATE
2024-11-23T22:30:30.286000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05553date:2018-03-19T00:00:00
db:VULHUBid:VHN-118329date:2020-09-04T00:00:00
db:VULMONid:CVE-2018-0127date:2020-09-04T00:00:00
db:BIDid:102969date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002223date:2018-04-03T00:00:00
db:CNNVDid:CNNVD-201802-272date:2020-09-07T00:00:00
db:NVDid:CVE-2018-0127date:2024-11-21T03:37:34.500

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05553date:2018-03-19T00:00:00
db:VULHUBid:VHN-118329date:2018-02-08T00:00:00
db:VULMONid:CVE-2018-0127date:2018-02-08T00:00:00
db:BIDid:102969date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002223date:2018-04-03T00:00:00
db:CNNVDid:CNNVD-201802-272date:2018-02-09T00:00:00
db:NVDid:CVE-2018-0127date:2018-02-08T07:29:00.633