Cisco RV110W Firmware 126.96.36.199 Denial of Service Overflow Vulnerability
23 Aug. 2016
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 188.8.131.52, RV130W devices with firmware through 184.108.40.206, and RV215W devices with firmware through 220.127.116.11 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669.
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a denial of service (DoS) condition.
The vulnerability is due to improper sanitization of user-supplied input for fields in HTTP requests that are sent when a user configures an affected device by using the web-based management interface for the device. An attacker could exploit this vulnerability by sending an HTTP request that contains configuration commands with a crafted payload. A successful exploit could allow the attacker to cause a buffer overflow on the targeted system, which could cause the device to reload unexpectedly and result in a DoS condition.
Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.
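The input-handling flaw described above comes down to copying a request field into a fixed-size buffer without checking its decoded length. The following is an added example of a bounded form-field extractor, not Cisco's firmware code and not taken from the advisory; the function name `get_form_field`, the `ssid` field used to exercise it, and the 32-byte `FIELD_MAX` buffer size are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 32 /* assumed size of the fixed configuration buffer */
enum field_status { FIELD_OK = 0, FIELD_MISSING = -1,
                    FIELD_TOO_LONG = -2, FIELD_BAD_ENCODING = -3 };

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: find `name` in an application/x-www-form-urlencoded
 * body and percent-decode its value into out[out_sz]. Oversized values are
 * rejected, never truncated, so no partially applied setting is stored. */
int get_form_field(const char *body, const char *name, char *out, size_t out_sz)
{
    size_t nlen = strlen(name);
    const char *p = body;
    if (out_sz == 0) return FIELD_TOO_LONG;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1, *vend = p + plen;
            size_t n = 0;
            while (v < vend) {
                int c = (unsigned char)*v++;
                if (c == '+') {
                    c = ' ';
                } else if (c == '%') {
                    if (vend - v < 2) return FIELD_BAD_ENCODING;
                    int hi = hexval((unsigned char)v[0]);
                    int lo = hexval((unsigned char)v[1]);
                    if (hi < 0 || lo < 0) return FIELD_BAD_ENCODING;
                    c = hi * 16 + lo;
                    v += 2;
                }
                if (c == 0) return FIELD_BAD_ENCODING;      /* embedded NUL */
                if (n + 1 >= out_sz) return FIELD_TOO_LONG; /* keep room for '\0' */
                out[n++] = (char)c;
            }
            out[n] = '\0';
            return FIELD_OK;
        }
        p = end ? end + 1 : NULL;
    }
    return FIELD_MISSING;
}
```

The length check runs on the decoded bytes, so a value that is short on the wire but long after percent-decoding is measured correctly, and the handler can answer the request with an error instead of writing past the buffer.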