Cisco Small Business RV320和RV325 输入验证错误漏洞

漏洞信息详情

Cisco Small Business RV320和RV325 输入验证错误漏洞

CNNVD编号：CNNVD-201901-877
危害等级：高危-->
危害等级：高危
CVE编号： CVE-2019-1652
漏洞类型：操作系统命令注入
发布时间： 2019-01-24
威胁类型：远程
更新时间： 2020-10-09
厂商：
漏洞来源： RedTeam Pentesting...

漏洞简介

Cisco Small Business RV320和RV325都是美国思科（Cisco）公司的企业级路由器。

使用1.4.2.15版本至1.4.2.19版本固件的Cisco Small Business RV320和RV325中存在命令注入漏洞，该漏洞源于程序没有正确地验证用户提交的输入。远程攻击者可通过发送特制的HTTP POST请求利用该漏洞以root权限在底层Linux shell上执行任意代码。

漏洞公告

目前厂商已发布升级补丁以修复漏洞，补丁获取链接:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject

参考网址

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject

来源:www.securityfocus.com

链接:http://www.securityfocus.com/bid/106728

来源:BUGTRAQ

链接:https://seclists.org/bugtraq/2019/Mar/55

来源:MISC

链接:http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html

来源:EXPLOIT-DB

链接:https://www.exploit-db.com/exploits/46243/

来源:MISC

链接:https://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html

来源:BID

链接:https://www.securityfocus.com/bid/106728

来源:FULLDISC

链接:http://seclists.org/fulldisclosure/2019/Mar/61

来源:EXPLOIT-DB

链接:https://www.exploit-db.com/exploits/46655/

来源:MISC

链接:http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html

来源:MISC

链接:https://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html

来源:www.nsfocus.net

链接:http://www.nsfocus.net/vulndb/43901

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html

来源:www.exploit-db.com

链接:https://www.exploit-db.com/exploits/46655

受影响实体

暂无

补丁

Cisco Small Business RV320和RV325 命令注入漏洞的修复措施

正文

Cisco Small Business RV320和RV325 输入验证错误漏洞

漏洞信息详情