CVE-2014-2179 - Vulnerability Details - OpenCVE

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00253.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Rv120w Rv120w Firmware Rv180 Rv180 Firmware Rv180w Rv220w Rv220w Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:rv180:-:::::::*
	cpe:2.3:h:cisco:rv180w:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2014-2219	The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
http://seclists.org/fulldisclosure/2014/Nov/6
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
http://www.securityfocus.com/archive/1/533917/100/0/threaded
http://www.securitytracker.com/id/1031171
https://exchange.xforce.ibmcloud.com/vulnerabilities/98499

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2014-11-07T11:00:00

Updated: 2024-08-06T10:05:59.993Z

Reserved: 2014-02-25T00:00:00

Link: CVE-2014-2179

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-11-07T11:55:02.517

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-2179

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"}, {"name": "20141106 Cisco RV Series multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Nov/6"}, {"name": "20141106 Cisco RV Series multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"}, {"name": "cisco-cve20142179-file-upload(98499)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"}, {"name": "1031171", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031171"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-2179", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"}, {"name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"}, {"name": "20141106 Cisco RV Series multiple vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Nov/6"}, {"name": "20141106 Cisco RV Series multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"}, {"name": "cisco-cve20142179-file-upload(98499)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"}, {"name": "1031171", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031171"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:05:59.993Z"}, "title": "CVE Program Container", "references": [{"name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"}, {"name": "20141106 Cisco RV Series multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Nov/6"}, {"name": "20141106 Cisco RV Series multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"}, {"name": "cisco-cve20142179-file-upload(98499)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"}, {"name": "1031171", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031171"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-2179", "datePublished": "2014-11-07T11:00:00", "dateReserved": "2014-02-25T00:00:00", "dateUpdated": "2024-08-06T10:05:59.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66B8EC15-EC05-49DD-9334-AEE5C396FEC1", "versionEndIncluding": "1.0.3.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8BD67F3-98CE-4B03-8980-6791B753FDC9", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAE232F2-B674-40E7-A96D-A1AC07CB84B7", "versionEndIncluding": "1.0.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*", "matchCriteriaId": "40465CA8-BE8B-4F15-8578-D8972C241D84", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D5EB99F-8672-4939-95E8-AEE242A4EB6E", "versionEndIncluding": "1.0.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*", "matchCriteriaId": "8620DFD9-E280-464E-91FF-2E901EDD49C0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."}, {"lang": "es", "value": "El firmware del router Cisco RV en los dispositivos RV220W, anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a atacantes remotos subir ficheros a localizaciones arbitrarias a trav\u00e9s de una solicitud HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuh86998."}], "id": "CVE-2014-2179", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-07T11:55:02.517", "references": [{"source": "psirt@cisco.com", "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"}, {"source": "psirt@cisco.com", "url": "http://seclists.org/fulldisclosure/2014/Nov/6"}, {"source": "psirt@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"}, {"source": "psirt@cisco.com", "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1031171"}, {"source": "psirt@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2014/Nov/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}