CVE-2026-24698 in RV130
Summary
by MITRE • 07/08/2026
An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 07/08/2026
This vulnerability represents a critical operating system command injection flaw in Cisco RV130/RV130W and RV110W router firmware versions 1.0.3.55 and 1.2.2.5/1.2.2.8 respectively. The issue resides within the save_syslog_to_file() function of the httpd binary where the model_name configuration parameter undergoes insufficient input validation and sanitization. This allows authenticated remote attackers to inject malicious operating system commands through crafted input that gets directly processed without proper escaping or filtering mechanisms.
The technical exploitation of this vulnerability occurs when an attacker with valid credentials accesses the router's web interface and manipulates the model_name parameter during syslog file configuration operations. The lack of proper input sanitization means that special characters such as semicolons, pipes, or command chaining operators can be passed directly to the underlying operating system shell, enabling arbitrary code execution. This vulnerability is classified under CWE-77 as it involves the injection of commands into a command interpreter, and its exploitation directly violates the principle of least privilege by elevating attacker capabilities to root level privileges.
The operational impact of this vulnerability extends beyond simple unauthorized command execution, as it provides complete system compromise capabilities for authenticated attackers. Once exploited, adversaries can gain full control over router operations, potentially leading to man-in-the-middle attacks, network traffic interception, or complete network takeover. The affected devices serve as critical network infrastructure components, making this vulnerability particularly dangerous in enterprise and residential environments where these routers are commonly deployed. Attackers could leverage this vulnerability to install backdoors, modify firewall rules, redirect traffic, or exfiltrate sensitive network information without detection.
Mitigation strategies for this vulnerability require immediate firmware updates from Cisco addressing the input sanitization issue in the affected router models. Network administrators should also implement strict access controls limiting administrative privileges to trusted users only and consider network segmentation to reduce the attack surface. The vulnerability aligns with ATT&CK technique T1059.001 for command and scripting interpreter, specifically targeting OS command injection as a lateral movement and privilege escalation vector. Organizations should also deploy intrusion detection systems capable of identifying suspicious command execution patterns and regularly audit router configurations to prevent unauthorized modifications that could facilitate exploitation of this vulnerability.