1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Cisco RV320 & RV325 Routers CVE-2019-1653

Web Attack: Cisco RV320 & RV325 Routers CVE-2019-1653

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an information disclosure vulnerability in Cisco RV320 and RV325 routers.

Additional Information

Cisco RV320 and RV325 Routers are prone to an information-disclosure vulnerability because of improper access controls. Specifically, this issue affects the web-based management interface. An attacker can exploit this issue by attempting to connect via HTTP and HTTPS to the affected device and requesting a specially crafted URL. This may allow an attacker to download router configuration file or diagnostic information.

An attacker can exploit this issue to obtain sensitive information. This may lead to other attacks.

This issue is being tracked by the Cisco Bug ID CSCvg85922.

Affected

  • The following version of Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers are vulnerable:
  • Cisco RV320 Dual Gigabit WAN VPN Router version 1.4.2.15 and 1.4.2.17.
  • Cisco RV325 Dual Gigabit WAN VPN Router version 1.4.2.15 and 1.4.2.17.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube