Cisco Rv110w Firmware 220.127.116.11 Denial Of Service Overflow Vulnerability
23 Aug. 2016
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 18.104.22.168, RV130W devices with firmware through 22.214.171.124, and RV215W devices with firmware through 126.96.36.199 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669.
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a denial of service (DoS) condition.
The vulnerability is due to improper sanitization of user-supplied input for fields in HTTP requests that are sent when a user configures an affected device by using the web-based management interface for the device. An attacker could exploit this vulnerability by sending an HTTP request that contains configuration commands with a crafted payload. A successful exploit could allow the attacker to cause a buffer overflow on the targeted system, which could cause the device to reload unexpectedly and result in a DoS condition.
Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.