Details of VAR-201810-0355

ID

VAR-201810-0355

CVE

CVE-2018-0404

TITLE

Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011261

DESCRIPTION

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information which should be restricted. The product has entered the end-of-life phase and there will be no more firmware fixes. The Cisco RV180WWireless-NMultifunctionVPNRouter and the SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall are products of Cisco. The Cisco RV180WWireless-NMultifunctionVPNRouter is a router product. SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall is a wireless network firewall product. A security vulnerability exists in the Web framework components in the CiscoRV180WWireless-NMultifunctionVPNRouter and SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall

Trust: 2.25

sources: NVD: CVE-2018-0404 // JVNDB: JVNDB-2018-011261 // CNVD: CNVD-2019-01907 // VULHUB: VHN-118606

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-01907

AFFECTED PRODUCTS

vendor:	cisco	model:	rv220w wireless network security firewall	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	rv180w wireless-n multifunction vpn router	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	rv180w wireless-n multifunction vpn router	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	rv220w wireless network security firewall	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business rv series rv220w wireless network security firewall	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-01907 // JVNDB: JVNDB-2018-011261 // CNNVD: CNNVD-201810-223 // NVD: CVE-2018-0404

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0404
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0404
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-01907
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201810-223
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118606
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0404
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-01907
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118606
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0404
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-01907 // VULHUB: VHN-118606 // JVNDB: JVNDB-2018-011261 // CNNVD: CNNVD-201810-223 // NVD: CVE-2018-0404

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-118606 // JVNDB: JVNDB-2018-011261 // NVD: CVE-2018-0404

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-223

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201810-223

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011261

PATCH

title:	Cisco RV180W Wireless-N Multifunction VPN Router	url:	https://www.cisco.com/c/en/us/products/routers/rv180w-wireless-n-multifunction-vpn-router/index.html	Trust: 0.8
title:	Cisco RV220W Wireless Network Security Firewall	url:	https://www.cisco.com/c/en/us/products/routers/rv220w-wireless-network-security-firewall/index.html	Trust: 0.8
title:	Patch for CiscoRV180WWireless-NMultifunctionVPNRouter and SmallBusinessRVSeriesRV220WWirelessNetworkSecurityFirewall Information Disclosure Security Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/150587	Trust: 0.6
title:	Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85437	Trust: 0.6

sources: CNVD: CNVD-2019-01907 // JVNDB: JVNDB-2018-011261 // CNNVD: CNNVD-201810-223

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0404	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-011261	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-223	Trust: 0.7
db:	CNVD	id:	CNVD-2019-01907	Trust: 0.6
db:	VULHUB	id:	VHN-118606	Trust: 0.1

sources: CNVD: CNVD-2019-01907 // VULHUB: VHN-118606 // JVNDB: JVNDB-2018-011261 // CNNVD: CNNVD-201810-223 // NVD: CVE-2018-0404

REFERENCES

url:	https://bst.cloudapps.cisco.com/bugsearch/bug/cscvk27179	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0404	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0404	Trust: 0.8

sources: CNVD: CNVD-2019-01907 // VULHUB: VHN-118606 // JVNDB: JVNDB-2018-011261 // CNNVD: CNNVD-201810-223 // NVD: CVE-2018-0404

SOURCES

db:	CNVD	id:	CNVD-2019-01907
db:	VULHUB	id:	VHN-118606
db:	JVNDB	id:	JVNDB-2018-011261
db:	CNNVD	id:	CNNVD-201810-223
db:	NVD	id:	CVE-2018-0404

LAST UPDATE DATE

2024-11-23T22:55:43.467000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-01907	date:	2019-01-18T00:00:00
db:	VULHUB	id:	VHN-118606	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-011261	date:	2019-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201810-223	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0404	date:	2024-11-21T03:38:09.447

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-01907	date:	2019-01-17T00:00:00
db:	VULHUB	id:	VHN-118606	date:	2018-10-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-011261	date:	2019-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201810-223	date:	2018-10-08T00:00:00
db:	NVD	id:	CVE-2018-0404	date:	2018-10-05T16:29:00.300