A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
History

Tue, 12 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-06-08'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-11-26T03:12:26.649466Z

Updated: 2024-11-12T21:20:58.058Z

Reserved: 2019-08-20T00:00:00

Link: CVE-2019-15271

cve-icon Vulnrichment

Updated: 2024-08-05T00:42:00.917Z

cve-icon NVD

Status : Modified

Published: 2019-11-26T03:15:11.050

Modified: 2024-11-21T04:28:20.240

Link: CVE-2019-15271

cve-icon Redhat

No data.