A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2019-11-26T03:12:26.649466Z
Updated: 2024-09-16T20:38:10.697Z
Reserved: 2019-08-20T00:00:00
Link: CVE-2019-15271
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-26T03:15:11.050
Modified: 2019-12-11T16:27:32.523
Link: CVE-2019-15271
Redhat
No data.