Vulnerability Description
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Rv130W Wireless-N Multifunction Vpn Router | - |
| Cisco | Rv130W Wireless-N Multifunction Vpn Router Firmware | 1.0.0.21 |
| Cisco | Rv215W Wireless-N Vpn Router | - |
| Cisco | Rv215W Wireless-N Vpn Router Firmware | 1.1.0.5 |
| Cisco | Rv110W Wireless-N Vpn Firewall | - |
| Cisco | Rv110W Wireless-N Vpn Firewall Firmware | 1.1.0.9 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securitytracker.com/id/1036113
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securitytracker.com/id/1036113
FAQ
What is CVE-2016-1395?
CVE-2016-1395 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote att...
How severe is CVE-2016-1395?
CVE-2016-1395 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-1395?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv130W Wireless-N Multifunction Vpn Router, Cisco Rv130W Wireless-N Multifunction Vpn Router Firmware, Cisco Rv215W Wireless-N Vpn Router, Cisco Rv215W Wireless-N Vpn Router Firmware, Cisco Rv110W Wireless-N Vpn Firewall.