CVE-2019-1653 Scanner
CVE-2019-1653 scanner - Information Disclosure vulnerability in Cisco Small Business RV Series Router
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
29 days
Scan only one
URL
Toolbox
-
The Cisco Small Business RV Series Router is a popular networking device used mainly by small businesses to provide secure and reliable access to the internet. These dual Gigabit WAN VPN routers provide high-performance connectivity and advanced security features for small businesses and home offices. They offer multiple WAN connections with load balancing and failover, VPN support, and a web-based management interface for easy configuration and management.
However, a serious vulnerability, identified as CVE-2019-1653, has been detected in these routers, which could allow an unauthenticated attacker to retrieve sensitive information from the web-based management interface. This vulnerability is due to improper access controls for URLs and can be exploited by connecting to an affected device via HTTP or HTTPS and requesting specific URLs.
If this vulnerability is exploited, an attacker can easily retrieve the router configuration or detailed diagnostic information. This sensitive information can be used to further compromise the network, steal valuable data, or launch other malicious attacks.
In conclusion, as a trusted source of security information and solutions, s4e.io provides comprehensive coverage of vulnerabilities affecting various digital assets, including network devices, web applications, and operating systems. By subscribing to our platform, users can easily and quickly learn about vulnerabilities affecting their digital assets and take proactive measures to protect their networks and data. We are committed to delivering timely and accurate information to help our customers stay secure in today's ever-evolving threat landscape.
REFERENCES
- http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html
- http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html
- http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2019/Mar/59
- http://seclists.org/fulldisclosure/2019/Mar/60
- http://www.securityfocus.com/bid/106732
- https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/
- https://seclists.org/bugtraq/2019/Mar/53
- https://seclists.org/bugtraq/2019/Mar/54
- https://threatpost.com/scans-cisco-routers-code-execution/141218/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
- https://www.exploit-db.com/exploits/46262/
- https://www.exploit-db.com/exploits/46655/
- https://www.youtube.com/watch?v=bx0RQJDlGbY
- https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/
