正文

Cisco Small Business RV320和RV325 访问控制错误漏洞

admin
admin V管理员 /0 评论 /7 阅读
0222
此篇文章发布距今已超过1175天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Cisco Small Business RV320和RV325 访问控制错误漏洞

  • CNNVD编号:CNNVD-201901-876
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2019-1653
  • 漏洞类型: 信息泄露
  • 发布时间: 2019-01-24
  • 威胁类型: 远程
  • 更新时间: 2020-10-09
  • 厂        商:
  • 漏洞来源: RedTeam Pentesting...

漏洞简介

Cisco Small Business RV320和RV325都是美国思科(Cisco)公司的企业级路由器。

使用1.4.2.15版本至1.4.2.19版本固件的Cisco Small Business RV320和RV325中基于Web的管理界面存在信息泄露漏洞,该漏洞源于程序对URLs执行了错误的访问控制。远程攻击者可通过HTTP或HTTPS协议连接受影响的设备并请求URLs利用该漏洞检索敏感信息。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info

参考网址

来源:MISC

链接:http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html

来源:MISC

链接:https://threatpost.com/scans-cisco-routers-code-execution/141218/

来源:MISC

链接:http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html

来源:EXPLOIT-DB

链接:https://www.exploit-db.com/exploits/46262/

来源:FULLDISC

链接:http://seclists.org/fulldisclosure/2019/Mar/60

来源:MISC

链接:http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html

来源:BID

链接:http://www.securityfocus.com/bid/106732

来源:EXPLOIT-DB

链接:https://www.exploit-db.com/exploits/46655/

来源:MISC

链接:https://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html

来源:BID

链接:https://www.securityfocus.com/bid/106732

来源:BUGTRAQ

链接:https://seclists.org/bugtraq/2019/Mar/53

来源:BUGTRAQ

链接:https://seclists.org/bugtraq/2019/Mar/54

来源:MISC

链接:https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/

来源:MISC

链接:https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/

来源:MISC

链接:https://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html

来源:MISC

链接:https://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html

来源:CISCO

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info

来源:MISC

链接:https://www.youtube.com/watch?v=bx0RQJDlGbY

来源:FULLDISC

链接:http://seclists.org/fulldisclosure/2019/Mar/59

来源:www.securityfocus.com

链接:http://www.securityfocus.com/bid/106732

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html

来源:www.nsfocus.net

链接:http://www.nsfocus.net/vulndb/43903

来源:www.exploit-db.com

链接:https://www.exploit-db.com/exploits/46655

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html

受影响实体

    暂无


补丁

  • Cisco Small Business RV320和RV325 信息泄露漏洞的修复措施
    <!--
    2019-1-24
    -->