Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco addressed CVE-2019-1663 RCE flaw in wireless routers

Cisco addressed CVE-2019-1663critical flaw in several wireless routers that could be exploited by attackers to remotely execute code on the impacted devices. Cisco released security updates to address a critical flaw (CVE-2019-1663) in several wireless routers that could be exploited by attackers to remotely execute code on the impacted devices. The CVE-2019-1663 flaw received a […]

Cisco CVE-2019-1663

Cisco addressed CVE-2019-1663critical flaw in several wireless routers that could be exploited by attackers to remotely execute code on the impacted devices.

Cisco released security updates to address a critical flaw (CVE-2019-1663) in several wireless routers that could be exploited by attackers to remotely execute code on the impacted devices.

The CVE-2019-1663 flaw received a CVSS score of 9.8, the issue resides in the web-based management interface of three router models and is caused by the improper validation of user-supplied data. The web-based management interface can be accessed either through a local LAN connection or via remote management, but experts noticed that the latter feature is disabled by default.

“A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.” reads the advisory published by Cisco.

“An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user,”

The flaw affects all releases of the following Cisco models:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

The tech giant fixed the issue in the following releases:

  • RV110W Wireless-N VPN Firewall: 1.2.2.1
  • RV130W Wireless-N Multifunction VPN Router: 1.0.3.45
  • RV215W Wireless-N VPN Router: 1.3.1.1
CVE-2019-1663

No workarounds are available for this flaw.

The vulnerabilities were revealed at the GeekPwn Shanghai conference in October 2018, but experts did not disclose technical details at the time. Cisco credited Yu Zhang and Haoliang Lu at the GeekPwn conference, and T. Shiomitsu of Pen Test Partners LLP for the discovery of the flaw.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – CVE-2019-1663, Cisco wireless routers)

[adrotate banner=”5″]

[adrotate banner=”13″]