Vulnerability Description
The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | RV110W Firmware | <= 1.2.0.9 |
| Cisco | RV110W | - |
| Cisco | RV215W Firmware | <= 1.1.0.5 |
| Cisco | RV215W | - |
| Cisco | CVR100W Firmware | <= 1.0.1.19 |
| Cisco | CVR100W | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20 (Patch, Vendor Advisory)
- https://www.exploit-db.com/exploits/45986/
FAQ
What is CVE-2014-0683?
CVE-2014-0683 is a vulnerability with a CVSS score of 10.0 (HIGH). The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does...
How severe is CVE-2014-0683?
CVE-2014-0683 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0683?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco RV110W Firmware, Cisco RV110W, Cisco RV215W Firmware, Cisco RV215W, Cisco CVR100W Firmware.