A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
Advisories
Source ID Title
EUVD EUVD EUVD-2019-6279 A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.11421}

epss

{'score': 0.09825}


Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.10945}

epss

{'score': 0.11421}


Tue, 12 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-06-08'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2025-07-30T01:45:53.892Z

Reserved: 2019-08-20T00:00:00.000Z

Link: CVE-2019-15271

cve-icon Vulnrichment

Updated: 2024-08-05T00:42:00.917Z

cve-icon NVD

Status : Analyzed

Published: 2019-11-26T03:15:11.050

Modified: 2025-02-24T15:35:55.637

Link: CVE-2019-15271

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.