CVE-2014-2179

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-2179

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

T

he Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.

References
Link Resource
http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
http://seclists.org/fulldisclosure/2014/Nov/6
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv Patch Vendor Advisory
http://www.securityfocus.com/archive/1/533917/100/0/threaded
http://www.securitytracker.com/id/1031171
https://exchange.xforce.ibmcloud.com/vulnerabilities/98499
http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
http://seclists.org/fulldisclosure/2014/Nov/6
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv Patch Vendor Advisory
http://www.securityfocus.com/archive/1/533917/100/0/threaded
http://www.securitytracker.com/id/1031171
https://exchange.xforce.ibmcloud.com/vulnerabilities/98499
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*
History

21 Nov 2024, 02:05

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html - () http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html -
References () http://seclists.org/fulldisclosure/2014/Nov/6 - () http://seclists.org/fulldisclosure/2014/Nov/6 -
References () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv - Patch, Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv - Patch, Vendor Advisory
References () http://www.securityfocus.com/archive/1/533917/100/0/threaded - () http://www.securityfocus.com/archive/1/533917/100/0/threaded -
References () http://www.securitytracker.com/id/1031171 - () http://www.securitytracker.com/id/1031171 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/98499 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/98499 -
Information

Published : 2014-11-07 11:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-2179

Mitre link : CVE-2014-2179

CVE.ORG link : CVE-2014-2179

JSON object : View

Products Affected

cisco

CWE
CWE-20

Improper Input Validation