CVE-2019-1843

Current Description

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition.

Basic Data

Published	June 20, 2019
Last Modified	October 09, 2019
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-20
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	NONE
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	5.0
Severity	MEDIUM
Exploitability Score	10.0
Impact Score	2.9
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

CVSS 3 - Version	3.0
CVSS 3 - Vector String	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 3 - Attack Vector	NETWORK
CVSS 3 - Attack Complexity	LOW
CVSS 3 - Privileges Required	NONE
CVSS 3 - User Interaction	NONE
CVSS 3 - Scope	UNCHANGED
CVSS 3 - Confidentiality Impact	NONE
CVSS 3 - Integrity Impact	NONE
CVSS 3 - Availability Impact	HIGH
CVSS 3 - Base Score	7.5
CVSS 3 - Base Severity	HIGH
Exploitability Score	3.9
Base Severity	HIGH

Configurations

Vulnerable Software List

Vendor	Product	Versions
Cisco	Rv130w Firmware	*
Cisco	Rv110w Firmware	*
Cisco	Rv215w Firmware	*

References