Cisco RV110W up to 1.2.2.7 Telnet Service hard-coded credentials

Summaryinfo

A vulnerability described as very critical has been identified in Cisco RV110W up to 1.2.2.7. Affected by this vulnerability is an unknown functionality of the component Telnet Service. Such manipulation leads to hard-coded credentials. This vulnerability is documented as CVE-2020-3330. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Cisco RV110W up to 1.2.2.7 (Router Operating System) and classified as very critical. Affected by this issue is an unknown code block of the component Telnet Service. The manipulation with an unknown input leads to a hard-coded credentials vulnerability. Using CWE to declare the problem leads to CWE-798. The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Impacted is confidentiality, integrity, and availability. CVE summarizes:

A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device.

The weakness was released 07/15/2020 as cisco-sa-rv110w-static-cred-BM / CSCvs50818 as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability is handled as CVE-2020-3330. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 07/16/2020). The MITRE ATT&CK project declares the attack technique as T1110.001. The advisory points out:

A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account.

As 0-day the estimated underground price was around $25k-$100k. The advisory illustrates:

The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device.

Upgrading to version 1.2.2.8 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The advisory contains the following remark:

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Not Affected

• Cisco RV130/RV130W/RV215W

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• RV110W

Version

• 1.2.2.0
• 1.2.2.1
• 1.2.2.2
• 1.2.2.3
• 1.2.2.4
• 1.2.2.5
• 1.2.2.6
• 1.2.2.7

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion