← back
CVE-2019-1653

Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

CVSS 7.5 HIGHEPSS 99.9%● KEVCWE-284
In short

The Cisco Small Business RV320 and RV325 routers have a flaw that allows attackers to access sensitive information like router settings and diagnostic data without needing a password. An attacker can simply visit specific web pages to download this confidential information.

Technical detail

An improper access control vulnerability in the web management interface allows unauthenticated remote attackers to retrieve sensitive configuration and diagnostic data by sending HTTP/HTTPS requests to unprotected URLs. The vulnerability requires network access to the management interface but no authentication, enabling unauthorized disclosure of router configuration files.

Summary generated and translated by AI from the official description.
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Cisco · Cisco Small Business RV Series Router Firmware
public PoCs found11
githubgithub.com/shaheemirza/CiscoSpill4githubgithub.com/ibrahimzx/CVE-2019-16531githubgithub.com/dubfr33/CVE-2019-16531githubgithub.com/elzerjp/nuclei-CiscoRV320Dump-CVE-2019-16530cve_referencewww.exploit-db.com/exploits/46262/unverifiedcve_referencewww.exploit-db.com/exploits/46655/unverifiedexploitdbwww.exploit-db.com/exploits/46655unverifiedexploitdbwww.exploit-db.com/exploits/46262unverifiedcve_referencepacketstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.htmlunverifiedcve_referencepacketstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.htmlunverifiedcve_referencepacketstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.htmlhttp://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.htmlhttp://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.htmlhttps://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/http://seclists.org/fulldisclosure/2019/Mar/59http://seclists.org/fulldisclosure/2019/Mar/60https://seclists.org/bugtraq/2019/Mar/53https://seclists.org/bugtraq/2019/Mar/54https://threatpost.com/scans-cisco-routers-code-execution/141218/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-infohttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1653https://www.exploit-db.com/exploits/46262/