Details of VAR-201902-0427

ID

VAR-201902-0427

CVE

CVE-2019-1663

TITLE

plural Cisco RV Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-002114

DESCRIPTION

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. This issue is tracked by Cisco Bug ID CSCvn18638, CSCvn18639, CSCvn18642

Trust: 3.15

sources: NVD: CVE-2019-1663 // JVNDB: JVNDB-2019-002114 // CNVD: CNVD-2019-05902 // CNVD: CNVD-2022-32613 // BID: 107185 // VULHUB: VHN-148795 // VULMON: CVE-2019-1663

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2019-05902 // CNVD: CNVD-2022-32613

AFFECTED PRODUCTS

vendor:	cisco	model:	rv110w	scope:	lt	version:	1.2.2.1	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	lt	version:	1.3.1.1	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	lt	version:	1.0.3.45	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	lt	version:	1.2.2.1	Trust: 0.8
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	lt	version:	1.0.3.45	Trust: 0.8
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	lt	version:	1.3.1.1	Trust: 0.8
vendor:	cisco	model:	rv110w none	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv130w none	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w none	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv110w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv130w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	small business rv series routers	scope:	eq	version:	1.3.0.8	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	eq	version:	1.2.1.7	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	eq	version:	1.0.1.2	Trust: 0.3
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	ne	version:	1.3.1.1	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	ne	version:	1.2.2.1	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	ne	version:	1.0.3.45	Trust: 0.3
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	ne	version:	1.3.1.1	Trust: 0.3
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	ne	version:	1.0.3.45	Trust: 0.3
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	ne	version:	1.2.2.1	Trust: 0.3

sources: CNVD: CNVD-2019-05902 // CNVD: CNVD-2022-32613 // BID: 107185 // JVNDB: JVNDB-2019-002114 // NVD: CVE-2019-1663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1663
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1663
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-1663
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-05902
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2022-32613
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201902-988
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-148795
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-1663
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1663
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-05902
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2022-32613
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-148795
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1663
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1663
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-05902 // CNVD: CNVD-2022-32613 // VULHUB: VHN-148795 // VULMON: CVE-2019-1663 // JVNDB: JVNDB-2019-002114 // CNNVD: CNNVD-201902-988 // NVD: CVE-2019-1663 // NVD: CVE-2019-1663

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-148795 // JVNDB: JVNDB-2019-002114 // NVD: CVE-2019-1663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-988

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201902-988

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002114

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-148795 // VULMON: CVE-2019-1663

PATCH

title:	cisco-sa-20190227-rmi-cmd-ex	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex	Trust: 0.8
title:	Patch for CiscoRV110W, RV130W, and RV215W Remote Command Execution Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/155001	Trust: 0.6
title:	Patch for Buffer Overflow Vulnerability in Multiple Cisco Products (CNVD-2022-32613)	url:	https://www.cnvd.org.cn/patchInfo/show/331126	Trust: 0.6
title:	Cisco?RV110W Wireless-N VPN Firewall , RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89695	Trust: 0.6
title:	Cisco: Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190227-rmi-cmd-ex	Trust: 0.1
title:	Cisco-RV130W	url:	https://github.com/welove88888/Cisco-RV130W	Trust: 0.1
title:	dir2md	url:	https://github.com/XinRoom/dir2md	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/zero-day-bug-soho-routers/165321/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2019/06/24/security_roundup/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-fixes-critical-flaw-in-wireless-vpn-firewall-routers/142284/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-rce-vulnerability-in-rv110w-rv130w-and-rv215w-routers/	Trust: 0.1

sources: CNVD: CNVD-2019-05902 // CNVD: CNVD-2022-32613 // VULMON: CVE-2019-1663 // JVNDB: JVNDB-2019-002114 // CNNVD: CNNVD-201902-988

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1663	Trust: 4.1
db:	BID	id:	107185	Trust: 2.7
db:	PACKETSTORM	id:	152507	Trust: 1.2
db:	PACKETSTORM	id:	154310	Trust: 1.2
db:	PACKETSTORM	id:	153163	Trust: 1.2
db:	EXPLOIT-DB	id:	46705	Trust: 1.2
db:	JVNDB	id:	JVNDB-2019-002114	Trust: 0.8
db:	CNVD	id:	CNVD-2022-32613	Trust: 0.7
db:	CNNVD	id:	CNNVD-201902-988	Trust: 0.7
db:	EXPLOITALERT	id:	33303	Trust: 0.6
db:	CNVD	id:	CNVD-2019-05902	Trust: 0.6
db:	NSFOCUS	id:	42833	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0622.2	Trust: 0.6
db:	VULHUB	id:	VHN-148795	Trust: 0.1
db:	EXPLOIT-DB	id:	47348	Trust: 0.1
db:	VULMON	id:	CVE-2019-1663	Trust: 0.1

sources: CNVD: CNVD-2019-05902 // CNVD: CNVD-2022-32613 // VULHUB: VHN-148795 // VULMON: CVE-2019-1663 // BID: 107185 // JVNDB: JVNDB-2019-002114 // CNNVD: CNNVD-201902-988 // NVD: CVE-2019-1663

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190227-rmi-cmd-ex	Trust: 3.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1663	Trust: 2.0
url:	http://www.securityfocus.com/bid/107185	Trust: 1.9
url:	http://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv130_rmi_rce	Trust: 1.3
url:	https://www.exploit-db.com/exploits/46705/	Trust: 1.2
url:	http://packetstormsecurity.com/files/152507/cisco-rv130w-routers-management-interface-remote-command-execution.html	Trust: 1.2
url:	http://packetstormsecurity.com/files/153163/cisco-rv130w-1.0.3.44-remote-stack-overflow.html	Trust: 1.2
url:	http://packetstormsecurity.com/files/154310/cisco-rv110w-rv130-w-rv215w-remote-command-execution.html	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1663	Trust: 0.8
url:	https://www.exploitalert.com/view-details.html?id=33303	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42833	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/76242	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://github.com/welove88888/cisco-rv130w	Trust: 0.1
url:	https://www.exploit-db.com/exploits/47348	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Yu Zhang ????????Haoliang Lu ?? ??,the following security researchers: Yu Zhang and Haoliang Lu at the GeekPwn conference T. Shiomitsu of Pen Test Partners LLP

Trust: 0.6

sources: CNNVD: CNNVD-201902-988

SOURCES

db:	CNVD	id:	CNVD-2019-05902
db:	CNVD	id:	CNVD-2022-32613
db:	VULHUB	id:	VHN-148795
db:	VULMON	id:	CVE-2019-1663
db:	BID	id:	107185
db:	JVNDB	id:	JVNDB-2019-002114
db:	CNNVD	id:	CNNVD-201902-988
db:	NVD	id:	CVE-2019-1663

LAST UPDATE DATE

2024-11-23T21:37:39.016000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-05902	date:	2019-06-06T00:00:00
db:	CNVD	id:	CNVD-2022-32613	date:	2022-05-02T00:00:00
db:	VULHUB	id:	VHN-148795	date:	2020-10-05T00:00:00
db:	VULMON	id:	CVE-2019-1663	date:	2020-10-05T00:00:00
db:	BID	id:	107185	date:	2019-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-002114	date:	2019-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201902-988	date:	2019-03-06T00:00:00
db:	NVD	id:	CVE-2019-1663	date:	2024-11-21T04:37:02.680

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-05902	date:	2019-03-02T00:00:00
db:	CNVD	id:	CNVD-2022-32613	date:	2022-05-29T00:00:00
db:	VULHUB	id:	VHN-148795	date:	2019-02-28T00:00:00
db:	VULMON	id:	CVE-2019-1663	date:	2019-02-28T00:00:00
db:	BID	id:	107185	date:	2019-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-002114	date:	2019-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201902-988	date:	2019-02-27T00:00:00
db:	NVD	id:	CVE-2019-1663	date:	2019-02-28T18:29:02.040