Cisco RV320 and RV325 Routers CVE-2019-1653 Information Disclosure Vulnerability

Bugtraq ID:	106732
Class:	Access Validation Error
CVE:	CVE-2019-1653
Remote:	Yes
Local:	No
Published:	Jan 23 2019 12:00AM
Updated:	Jan 23 2019 12:00AM
Credit:	RedTeam Pentesting GmbH.
Vulnerable:	Cisco RV325 Dual Gigabit WAN VPN Router 1.4.2.17 Cisco RV325 Dual Gigabit WAN VPN Router 1.4.2.15 Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.17 Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15
Not Vulnerable:	Cisco RV325 Dual Gigabit WAN VPN Router 1.4.2.20 Cisco RV325 Dual Gigabit WAN VPN Router 1.4.2.19 Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.20 Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.19

Cisco RV320 and RV325 Routers CVE-2019-1653 Information Disclosure Vulnerability

Cisco RV320 and RV325 Routers are prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information. This may lead to other attacks.

This issue is being tracked by the Cisco Bug ID CSCvg85922.

The following version of Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers are vulnerable:

Cisco RV320 Dual Gigabit WAN VPN Router version 1.4.2.15 and 1.4.2.17.
Cisco RV325 Dual Gigabit WAN VPN Router version 1.4.2.15 and 1.4.2.17.

Cisco RV320 and RV325 Routers CVE-2019-1653 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.