CRITICAL✓ PATCH🇬🇧 English

CVE-2017-3882

CVSS 9.6v3.0pub. 2017-05-16upd. 2026-05-13

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22. Cisco Bug IDs: CSCuz72642.

oryginał EN
CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco Rv042

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv042g

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv082

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv110w

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv130

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv130w

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv130 Wf

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv130w Wf

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv132w

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv134w

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv215w

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv320

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv320 Wf

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv325

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv325 Wf

    HW
    Cisco
    wszystkie wersje
  • Cisco Small Business Rv Router Firmware

    APP
    Cisco
    1.0.0.301.0.1.191.0.1.91.0.2.61.0.3.101.0.391.0.4.101.0.4.141.0.5.41.0.5.4\(gd\)1.0.5.51.0.5.61.0.5.81.0.6.6
  • Cisco Small Business Rv Router Firmware 1.0

    APP
    Cisco
    0.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEDoSMemoryVPN
CWE
Referencje

Powiązane podatności

CVE-2018-0125CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VP...

CVE-2023-20025CRITICAL9.0ten sam produkt

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 ...

CVE-2022-20825CRITICAL9.8ten sam produkt

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215...

CVE-2021-1459CRITICAL9.8ten sam produkt

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215...

CVE-2020-3144CRITICAL9.8ten sam produkt

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN R...