CNVD-2018-03484 — Vulnetix

CNVD-2018-03484 PUBLISHED CVSS 9.800000190734863 CRITICAL

Cisco RV132W ADSL2+ Wireless-N VPN Routers和RV134W VDSL2 Wireless-AC VPN Routers都是美国思科（Cisco）公司的路由器。 Cisco RV132W ADSL2+ Wireless-N VPN Router和RV134W VDSL2 Wireless-AC VPN Router存在远程命令执行漏洞。该漏洞源于程序未能对用户的输入做充分过滤，/tr69cfg.cgi页面POST请求的参数tr69cBoundIfName处存在命令注入，攻击者可基于此远程执行任意命令。

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
n/a	Cisco RV132W and RV134W	Cisco RV132W and RV134W

Timeline

Jan 10, 2018 CVE Published
Jun 14, 2023 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published
Apr 2, 2026 PoC Published

References

103140 vdb
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x url
1040336 vdb
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0125 url

Open in Interactive Console →