漏洞描述
【漏洞对象】Cisco路由器 【涉及版本】RV320和RV325 【漏洞描述】 Cisco Small Business RV320和RV325双千兆WANVPN路由器的基于Web的管理界面中的漏洞可能允许未经身份验证的远程攻击者检索敏感信息。该漏洞是由于对URL的访问控制不当造成的。攻击者可以通过HTTP或HTTPS连接到受影响的设备并请求特定的URL来利用此漏洞。成功利用可能允许攻击者下载路由器配置或详细的诊断信息。
Cisco RV320和RV325路由器-信息泄漏(CVE-2019-1653)
PoC代码
暂无相关漏洞推荐
- Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞
- POC CVE-2001-0537: Cisco IOS HTTP Configuration - Authentication Bypass
- POC CVE-2009-1558: Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
- POC CVE-2011-3315: Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
- POC CVE-2013-5528: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
- POC CVE-2018-0127: Cisco RV132W/RV134W Router - Information Disclosure
- POC CVE-2018-0296: Cisco ASA - Local File Inclusion
- POC CVE-2019-1653: Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
- POC CVE-2019-1821: Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution
- POC CVE-2019-1898: Cisco RV110W RV130W RV215W Router - Information leakage
- POC CVE-2019-1943: Cisco Small Business 200,300 and 500 Series Switches - Open Redirect
- POC CVE-2020-16139: Cisco Unified IP Conference Station 7937G - Denial-of-Service
- POC CVE-2020-26073: Cisco SD-WAN vManage Software - Local File Inclusion