Advisory: CERT.be Advisory #2018-004
Version: 1.0
Reference: CVE-2018-0125
Impacted Products: Cisco RV132W and RV134W Router
Type: Remote Code Execution and Denial of Service
Several Cisco routers are vulnerable to remote code execution and to denial of service attacks. The vulnerabilities stem from incomplete input validation in the web interface.
The following Cisco routers are vulnerable:
Cisco Bug IDs: CSCvg92737, CSCvh60170
A remote attacker may execute arbitrary code and gain control over the router as the root user. The attacker may also cause a denial of service.
Customers are recommended to upgrade their software to the latest version. The vulnerabilities are fixed in firmware version 1.0.1.11.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0125