ID

VAR-202607-1138


CVE

CVE-2026-24697


TITLE

Cisco Systems Cisco RV110W Wireless-N VPN Firewall  Firmware and other multiple products OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2026-023300

DESCRIPTION

An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. - All information handled by the software may be overwritten. - The software may completely shut down

Trust: 1.62

sources: NVD: CVE-2026-24697 // JVNDB: JVNDB-2026-023300

AFFECTED PRODUCTS

vendor:ciscomodel:rv130wscope:eqversion:1.0.3.55

Trust: 1.0

vendor:ciscomodel:rv110wscope:eqversion:1.2.2.5

Trust: 1.0

vendor:ciscomodel:rv130scope:eqversion:1.0.3.55

Trust: 1.0

vendor:ciscomodel:rv110wscope:eqversion:1.2.2.8

Trust: 1.0

vendor:シスコシステムズmodel:cisco rv130w wireless-n multifunction vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv110w wireless-n vpn firewallscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv130 vpn ルータscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-023300 // NVD: CVE-2026-24697

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-24697
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-023300
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-24697
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-023300
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-023300 // NVD: CVE-2026-24697

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-023300 // NVD: CVE-2026-24697

PATCH

title:IoT-Vulnerability/cisco/RV130/2/wp-en.md at main  glkfc/IoT-Vulnerability  GitHuburl:https://github.com/glkfc/IoT-Vulnerability/blob/main/cisco/RV130/2/wp-en.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-023300

EXTERNAL IDS

db:NVDid:CVE-2026-24697

Trust: 2.6

db:JVNDBid:JVNDB-2026-023300

Trust: 0.8

sources: JVNDB: JVNDB-2026-023300 // NVD: CVE-2026-24697

REFERENCES

url:https://github.com/glkfc/iot-vulnerability/blob/main/cisco/rv130/2/wp-en.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-24697

Trust: 0.8

sources: JVNDB: JVNDB-2026-023300 // NVD: CVE-2026-24697

SOURCES

db:JVNDBid:JVNDB-2026-023300
db:NVDid:CVE-2026-24697

LAST UPDATE DATE

2026-07-14T23:35:46.329000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-023300date:2026-07-13T02:29:00
db:NVDid:CVE-2026-24697date:2026-07-10T17:54:30.890

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-023300date:2026-07-13T00:00:00
db:NVDid:CVE-2026-24697date:2026-07-08T15:16:26.697