CVE-2026-24700 in RV130info

Summary

by MITRE • 07/08/2026

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

This vulnerability represents a critical operating system command injection flaw that affects Cisco RV130 and RV110W wireless routers. The issue resides within the start_lltd() function of the rc binary, which serves as a crucial component in the router's initialization process. The vulnerability stems from improper input validation of the machine_name configuration parameter, creating a pathway for malicious actors to inject arbitrary operating system commands. This flaw enables authenticated remote attackers to execute code with root privileges, fundamentally compromising the device's security posture and potentially providing complete system control.

The technical implementation of this vulnerability aligns with CWE-77, which specifically addresses command injection flaws in software systems. The root cause occurs when user-supplied input flows directly into operating system commands without proper sanitization or validation mechanisms. Attackers can exploit this by crafting malicious machine_name values that contain shell metacharacters and command sequences. The authenticated nature of the attack requires an attacker to first establish valid credentials, but once achieved, the privilege escalation to root level execution allows for complete system compromise. This vulnerability directly maps to ATT&CK technique T1059.001, which involves executing malicious code through command and scripting interpreters.

The operational impact of this vulnerability extends far beyond simple remote code execution. Once exploited, attackers gain unrestricted access to the router's underlying operating system, enabling them to modify network configurations, install malware, monitor traffic, or establish persistence mechanisms within the network infrastructure. The affected devices operate with elevated privileges through the rc binary, making the attack vector particularly dangerous as it eliminates the need for additional privilege escalation techniques. Network administrators face significant risks including potential data breaches, man-in-the-middle attacks, and complete loss of network control. The vulnerability affects multiple firmware versions across different router models, amplifying its potential impact within enterprise and small business environments that may be running outdated firmware.

Mitigation strategies should prioritize immediate firmware updates from Cisco to address the identified command injection flaw. Network administrators must ensure all affected devices are updated to versions containing proper input validation mechanisms for the machine_name parameter. Additionally, implementing network segmentation and access controls can reduce the attack surface by limiting which systems can communicate with these vulnerable routers. Regular security audits should verify that no unauthorized modifications have occurred and that proper authentication measures remain in place. The vulnerability highlights the importance of secure coding practices, particularly in embedded systems where input validation is critical for preventing command injection attacks. Organizations should also maintain comprehensive network monitoring to detect anomalous behavior that might indicate exploitation attempts. Given the severity of this flaw, immediate remediation actions are essential to prevent potential compromise of entire network infrastructures.

Responsible

MITRE

Reservation

01/23/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!