The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Title:
======
Router CISCO RV110W - RV215W - CVR100W - Bypass Login Page
Date:
=====
05/03/2014
CVE Number:
============
CVE-2014-0683
Cisco Security Advisory:
===========
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd
Status:
========
Reported to Cisco - Fixed in new firmware
Affected Products:
==================
- Cisco RV110W Wireless-N VPN Firewall running firmware versions 1.2.0.9
and prior.
- Cisco RV215W Wireless-N VPN Router running firmware versions 1.1.0.5 and
prior.
- Cisco CVR100W Wireless-N VPN Router running firmware versions 1.0.1.19
and prior.
Exploitation-Technique:
=======================
Remote - Internal
Severity:
=========
High
Details:
========
An attacker can bypass the router's login page simply by manipulating the
POST data sent to the administration page (e.g., 192.168.1.1) and gain
access as admin.
See the PDF for more details.
https://drive.google.com/file/d/0BzDR2c9r47AiMVlQWkVNVjE0REU/edit?usp=sharing
Affected Versions:
================
Cisco RV110W Wireless-N VPN Firewall running firmware versions 1.2.0.9 and
prior
Cisco RV215W Wireless-N VPN Router running firmware versions 1.1.0.5 and
prior
Cisco CVR100W Wireless-N VPN Router running firmware versions 1.0.1.19 and
prior
Proof of Concept:
=================
See the PDF for more details.
https://drive.google.com/file/d/0BzDR2c9r47AiMVlQWkVNVjE0REU/edit?usp=sharing
Solution:
=========
Update the router to the latest firmware.
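To find which devices still need the update, the following added example (not part of the original advisory or of any Cisco tooling) checks an inventory against the affected versions listed above. It compares the dotted version fields numerically, so that 1.0.1.2 is correctly treated as older than 1.0.1.19. The hostnames, the inventory rows and the status labels are constructed for illustration.

```python
# Added example: audit a device inventory against the advisory's affected versions.

# Last affected firmware per model, taken from the "Affected Products" list.
LAST_AFFECTED = {
    "RV110W": "1.2.0.9",
    "RV215W": "1.1.0.5",
    "CVR100W": "1.0.1.19",
}


def parse_version(text):
    """Turn '1.2.0.9' into (1, 2, 0, 9) so fields compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(model, firmware):
    """Return 'affected', 'not-affected', 'not-listed' or 'unknown-version'."""
    limit = LAST_AFFECTED.get(model.strip().upper())
    if limit is None:
        return "not-listed"  # model is not named in this advisory
    try:
        running = parse_version(firmware)
    except ValueError:
        return "unknown-version"  # needs manual review, do not assume safe
    # "X and prior" are affected: anything up to and including the limit.
    return "affected" if running <= parse_version(limit) else "not-affected"


def audit(inventory):
    """Map each (host, model, firmware) row to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}


# Constructed inventory (hypothetical hostnames and firmware strings).
SAMPLE_INVENTORY = [
    ("branch-01", "RV110W", "1.2.0.9"),
    ("branch-02", "RV110W", "1.2.0.10"),
    ("branch-03", "rv215w", "1.1.0.5"),
    ("branch-04", "CVR100W", "1.0.1.2"),
    ("branch-05", "RV215W", "unknown"),
    ("branch-06", "RV320", "1.0.0.1"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```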