Advisory: CERT.be Advisory #2018-004
Version: 1.0
Reference: CVE-2018-0125
Impacted Products: Cisco RV132W and RV134W Router
Type: Remote Code Execution and Denial of Service

Summary

Several Cisco routers are vulnerable to remote code execution and to denial of service attacks. The vulnerabilities stem from incomplete input validation in the web interface.

The following Cisco routers are vulnerable:

• RV132W ADSL2+ Wireless-N VPN Router
• RV134W VDSL2 Wireless-AC VPN Router

Cisco Bug IDs: CSCvg92737, CSCvh60170

Risks

A remote attacker may execute arbitrary code and gain control over the router as the root user. The attacker may also cause a denial of service.

Recommended Actions

Customers are recommended to upgrade their software to the latest version. The vulnerabilities are fixed in firmware version 1.0.1.11.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0125