Gesamte Überschrift: Cisco RV Authentication Bypass / Code Execution Vulnerability 
Kategorie: remote exploits
Betriebssystem: hardware
Cisco RV-series routers suffer from an authentication bypass vulnerability. The RV34X series are also affected by a command injection vulnerability in the sessionid cookie, when requesting the /upload endpoint. A combination of these issues would allow any person who is able to communicate with the web interface to run arbitrary system commands on the router as the www-data user. Vulnerable versions include RV16X/RV26X versions 1.0.01.02 and below and RV34X versions 1.0.03.20 and below.

# 0day.today @ http://0day.today/