Cisco has announced a total of four vulnerabilities in the web management interface of three wireless routers (models RV110W, RV130W and RV215W). At least one of the problems could allow an attacker to take control of the affected devices.

The most serious problem (CVE-2016-1395) lies in inadequate filtering of user-supplied HTTP input, which could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the affected system.

The second problem (CVE-2016-1396) lies in inadequate validation of certain parameters sent to the affected devices through HTTP GET or HTTP POST methods. This error could allow an unauthenticated remote attacker to conduct cross-site scripting attacks.

Finally, two buffer overflow vulnerabilities (CVE-2016-1397 and CVE-2016-1398) result from inadequate filtering of user input in fields of the HTTP requests that are sent when a user configures an affected device through the web management interface. An unauthenticated remote attacker could cause denial-of-service conditions.

All of the problems affect the following products:

  • RV110W Wireless-N VPN Firewall.
  • RV130W Wireless-N Multifunction VPN Router.
  • RV215W Wireless-N VPN Router.

Cisco will release firmware updates in the third quarter of this year. The updates are expected to be:

  • For Cisco RV110W Wireless-N VPN Firewall, version 1.2.1.7.
  • For Cisco RV130W Wireless-N Multifunction VPN Router, version 1.0.3.16.
  • For Cisco RV215W Wireless-N VPN Router, version 1.3.0.8.

They will be available for download from

http://www.cisco.com/cisco/software/navigator.html

under Products > Routers > Small Business Routers > Small Business RV Series Routers.

More information:

Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv

Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1

Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3