Cisco Rv110w Wireless-N Vpn Firewall Firmware Denial Of Service Overflow Vulnerability
12 Aug. 2016
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 126.96.36.199, RV130W devices with firmware before 188.8.131.52, and RV215W devices with firmware before 184.108.40.206 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a denial of service (DoS) condition.
The vulnerability is due to improper sanitization of user-supplied input for fields in HTTP requests that are sent when a user configures an affected device by using the web-based management interface for the device. An attacker could exploit this vulnerability by sending an HTTP request that contains configuration commands with a crafted payload. A successful exploit could allow the attacker to cause a buffer overflow on the targeted system, which could cause the device to reload unexpectedly and result in a DoS condition.