CVE-2026-24699 in RV130
Summary
by MITRE • 07/08/2026
An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 07/08/2026
This vulnerability represents a critical operating system command injection flaw in Cisco's small business routing equipment, specifically affecting the RV130 and RV110W series devices. The issue resides within the sub_34984() function of the rc binary, which processes network configuration parameters without adequate input validation or sanitization. The lan_ipv6_prefixlen parameter serves as the attack vector, where maliciously crafted input can be executed as system commands due to insufficient parameter filtering.
The technical nature of this vulnerability aligns with CWE-77 and CWE-88 categories, representing improper neutralization of special elements used in OS commands. The flaw allows authenticated remote attackers to escalate privileges from regular user level to root access, enabling complete system compromise. Attackers can leverage this vulnerability to execute arbitrary code on the affected devices, potentially leading to unauthorized network access, data exfiltration, or further lateral movement within the network infrastructure.
From an operational perspective, this vulnerability poses significant risk to small business networks since these routers typically serve as gateways between internal and external networks. The combination of remote exploitability with authenticated access requirements means that an attacker who gains user credentials could fully compromise the network device. This creates a potential pivot point for attackers to access internal systems, conduct man-in-the-middle attacks, or establish persistent backdoors within the network perimeter.
The impact extends beyond immediate device compromise as these routers often control critical network segmentation and firewall rules. Network administrators should consider implementing immediate mitigations including firmware updates to versions that address this vulnerability, network segmentation to limit access to these devices, and monitoring for suspicious command execution patterns. Additionally, organizations should enforce strict access controls and credential management practices to reduce the attack surface.
According to ATT&CK framework, this vulnerability maps to T1059.001 (Command and Scripting Interpreter: PowerShell) and T1068 (Exploitation for Privilege Escalation) techniques, as it enables arbitrary command execution with elevated privileges. The vulnerability also relates to T1566 (Phishing) if attackers use social engineering to obtain legitimate credentials, and T1071.004 (Application Layer Protocol: DNS) if network traffic analysis reveals suspicious command patterns. Organizations should implement comprehensive network monitoring solutions that can detect unusual command execution patterns and establish robust patch management procedures to address similar vulnerabilities in network infrastructure devices.