Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability
Description
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated, remote attacker can view information from the web-based management interface of certain Cisco Small Business RV Series Routers due to improper authorization.
Vulnerability
The vulnerability resides in the web-based management interface of Cisco Small Business RV Series Routers. It is caused by improper authorization of HTTP requests. Affected models include RV016, RV042, RV042G, and RV082 running firmware versions prior to 4.2.3.10. The RV016 and RV082 have reached end of software maintenance. [1]
Exploitation
An unauthenticated, remote attacker can exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. No authentication or prior access is required. The attacker only needs network connectivity to the device.
Impact
Successful exploitation allows the attacker to view information displayed in the web-based management interface without authentication. This results in information disclosure, potentially exposing sensitive configuration or network details. No code execution or data modification is possible.
Mitigation
Cisco has released firmware version 4.2.3.10 to address the vulnerability. There are no available workarounds. Users should upgrade to the fixed release. Note that the RV016 and RV082 routers are end-of-life and may not receive updates; replacement is recommended. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-sbr-rv-infodismitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.