Cisco Routers Web Interface Multiple Vulnerabilities
Description
Several vulnerabilities have been identified in the web interface of Cisco routers:

- CVE-2016-1395: arbitrary code execution. An unauthenticated remote attacker could exploit it to execute arbitrary code with root privileges by sending a specially crafted HTTP request. This vulnerability is due to insufficient sanitization of user-supplied HTTP input for the web interface.
- CVE-2016-1396: cross-site scripting. A remote attacker could exploit it by enticing a victim into following a specially crafted link in order to execute arbitrary JavaScript or HTML code.
- CVE-2016-1397: buffer overflow. A remote attacker could exploit it to provoke a denial of service by sending a specially crafted HTTP request. This vulnerability is due to improper sanitization of user-supplied input for the web-based management interface.
- CVE-2016-1398: buffer overflow. A remote attacker could exploit it to provoke a denial of service by sending a specially crafted HTTP request. This vulnerability is due to improper sanitization of user-supplied input for the web-based management interface.

Cisco has announced that functional exploits exist for these vulnerabilities.
Vulnerable Products
Vulnerable OS: RV Wireless Series (Cisco) - RV110W, RV130W, RV215W