CVE Vulnerability

CVE-2019-1899

A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis Vendor Advisory
http://www.securityfocus.com/bid/108867 Third Party Advisory VDB Entry
https://www.tenable.com/security/research/tra-2019-29 Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-06-20 03:15

Updated : 2020-10-16 03:06

NVD link : CVE-2019-1899

Mitre link : CVE-2019-1899

Products Affected

Cisco

Rv215w

Rv215w Firmware

CWE
CWE-425

Direct Request ('Forced Browsing')