This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit an information disclosure vulnerability in Cisco RV320 and RV325 routers.
Cisco RV320 and RV325 Routers are prone to an information-disclosure vulnerability because of improper access controls. Specifically, this issue affects the web-based management interface. An attacker can exploit this issue by attempting to connect via HTTP and HTTPS to the affected device and requesting a specially crafted URL. This may allow an attacker to download router configuration file or diagnostic information.
An attacker can exploit this issue to obtain sensitive information. This may lead to other attacks.
This issue is being tracked by the Cisco Bug ID CSCvg85922.
- The following version of Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers are vulnerable:
- Cisco RV320 Dual Gigabit WAN VPN Router version 184.108.40.206 and 220.127.116.11.
- Cisco RV325 Dual Gigabit WAN VPN Router version 18.104.22.168 and 22.214.171.124.