CVE-2015-6397 — Vulnetix

CVE-2015-6397 PUBLISHED CVSS 8.800000190734863 HIGH

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.

EPSS 1.19% · 79.2th percentile

Risk Scores

CVSS 3.0

8.800000190734863

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.19%

79.2th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
cisco	rv130w_wireless-n_multifunction_vpn_router_firmware
cisco	rv110w_wireless-n_vpn_firewall_firmware
cisco	rv215w_wireless-n_vpn_router_firmware

Exploit Intelligence

92273 (circl)
20160803 Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability (circl)
1036524 (circl)

Timeline

Aug 3, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 16, 2023 EPSS Score

References

92273 vdb
20160803 Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability vendor-advisory
1036524 vdb
https://nvd.nist.gov/vuln/detail/CVE-2015-6397 advisory

Open in Interactive Console →