Vulnerability Description
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Rv132W Firmware | 1.0.0.1 |
| Cisco | Rv132W | - |
| Cisco | Rv134W Firmware | 1.0.0.1 |
| Cisco | Rv134W | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102969Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040345Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/102969Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040345Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0127?
CVE-2018-0127 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration ...
How severe is CVE-2018-0127?
CVE-2018-0127 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-0127?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv132W Firmware, Cisco Rv132W, Cisco Rv134W Firmware, Cisco Rv134W.