A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewalls, Cisco RV130W Wireless-N Multifunction VPN Routers, and Cisco RV215W Wireless-N VPN Routers could allow an authenticated, remote attacker to cause a buffer overflow on a targeted system, resulting in a denial of service (DoS) condition.The vulnerability is due to improper sanitization of user-supplied input for fields in HTTP requests that are sent when a user configures an affected device by using the web-based management interface for the device.

An attacker could exploit this vulnerability by sending an HTTP request that contains configuration commands with a crafted payload.

A successful exploit could allow the attacker to cause a buffer overflow on the targeted system, which could cause the device to reload unexpectedly and result in a DoS condition.Cisco has released firmware updates that address this vulnerability.

There are no workarounds that address this vulnerability.This advisory is available at the following link:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3

Leave a Reply