← back
CVE-2019-1652

Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability

CVSS 7.2 HIGHEPSS 95.9%● KEVCWE-20
In short

An authenticated attacker with admin access to Cisco RV320/RV325 routers can inject malicious commands through the web management interface, gaining complete control of the device. This matters because these routers protect entire networks, so compromising one exposes all connected systems.

Technical detail

Command injection vulnerability in the web-based management interface of Cisco RV320/RV325 routers exploitable via malicious HTTP POST requests by authenticated administrative users. The vulnerability stems from improper input validation, allowing arbitrary command execution as root on the underlying Linux system. Attack requires prior authentication with admin privileges but results in complete device compromise.

Summary generated and translated by AI from the official description.
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Cisco · Cisco Small Business RV Series Router Firmware
public PoCs found7
githubgithub.com/0x27/CiscoRV320Dump226cve_referencepacketstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46243/unverifiedcve_referencepacketstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/46655unverifiedexploitdbwww.exploit-db.com/exploits/46243unverifiedcve_referencewww.exploit-db.com/exploits/46655/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.htmlhttp://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2019/Mar/61https://seclists.org/bugtraq/2019/Mar/55https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-injecthttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1652https://www.exploit-db.com/exploits/46243/https://www.exploit-db.com/exploits/46655/http://www.securityfocus.com/bid/106728