Cisco RV Authentication Bypass / Code Execution

Posted by deepcore on April 21, 2021 – 10:52 pm

Cisco RV-series routers suffer from an authentication bypass vulnerability. The RV34X series are also affected by a command injection vulnerability in the sessionid cookie, when requesting the /upload endpoint. A combination of these issues would allow any person who is able to communicate with the web interface to run arbitrary system commands on the router as the www-data user. Vulnerable versions include RV16X/RV26X versions 1.0.01.02 and below and RV34X versions 1.0.03.20 and below.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Microsoft DiagHub Privilege Escalation [webapps] OTRS 6.0.1 – Remote Command Execution (2) »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Cisco RV Authentication Bypass / Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL