Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
Vulnerability Description
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco Small Business 操作系统命令注入漏洞
Vulnerability Description
Cisco Small Business是美国思科(Cisco)公司的一个交换机。 Cisco Small Business RV160、RV160W、RV260、RV260P 和 RV260W VPN 路由器基于 Web 的管理界面中存在操作系统命令注入漏洞,该漏洞源于用户输入验证不足。该漏洞可能允许攻击者使用root级权限在受影响的设备上执行任意命令。由于漏洞的性质,只能执行没有参数的命令。
CVSS Information
N/A
Vulnerability Type
N/A