CVE-2020-3150

A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsD	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:rv110w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv215w:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-16 18:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-3150

Mitre link : CVE-2020-3150

CVE.ORG link : CVE-2020-3150

JSON object : View

Products Affected

cisco

rv215w_firmware
rv110w
rv215w
rv110w_firmware

CWE

CWE-863

Incorrect Authorization

CWE-285

Improper Authorization

{"id": "CVE-2020-3150", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2020-07-16T18:15:16.817", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsD", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Small Business RV110W and RV215W Series Routers, podr\u00eda permitir a un atacante remoto no autenticado descargar informaci\u00f3n confidencial del dispositivo, lo que podr\u00eda incluir la configuraci\u00f3n del dispositivo. La vulnerabilidad es debido a una autorizaci\u00f3n inapropiada de una petici\u00f3n HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el acceso a un URI espec\u00edfico en la interfaz de administraci\u00f3n basada en web del enrutador, pero solo despu\u00e9s de que cualquier usuario v\u00e1lido haya abierto un archivo espec\u00edfico en el dispositivo desde el \u00faltimo reinicio. Una explotaci\u00f3n con \u00e9xito permitir\u00eda al atacante visualizar informaci\u00f3n confidencial, que deber\u00eda ser restringida"}], "lastModified": "2020-07-22T20:09:33.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv110w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "850B9853-E720-4F7E-A131-5387997E9E87", "versionEndExcluding": "1.2.2.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20E8ECAC-E842-41DB-9612-9374A9648DC2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF6FEFCF-CC6E-4A7B-A3A7-C3754A843EA8", "versionEndExcluding": "1.3.1.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv215w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8686AB22-F757-468A-930B-DDE45B508969"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}