Cisco RV110W, RV130W, and RV215W Routers Management Interface Denial of Service Vulnerability
Description
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and causing a DoS condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated remote attacker can send malicious HTTP requests to Cisco RV110W, RV130W, RV215W routers, causing a reload and DoS.
Vulnerability
The vulnerability exists in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router. The issue is improper validation of user-supplied data in the web interface. An unauthenticated, remote attacker can exploit this by sending specially crafted HTTP requests to a targeted device. Affected versions: as per Cisco advisory, all firmware versions prior to the fixed releases. [1]
Exploitation
An attacker needs only network access to the target device; no authentication is required. The attacker sends malicious HTTP requests to the web management interface. The improper validation leads to a condition that causes the device to reload. The steps: identify a vulnerable device, craft HTTP requests with malformed data, send them to the interface, triggering a reload. No user interaction or race condition needed. [1]
Impact
Successful exploitation causes the device to reload, resulting in a denial of service (DoS) condition. The attacker gains no access to data or privileged operations; the impact is solely availability disruption. The device becomes temporarily unavailable until it completes the reload cycle. [1]
Mitigation
Cisco has released free software updates that address this vulnerability. Customers may install updates for their licensed devices. The fixed releases are specified in the advisory. Customers without service contracts should contact Cisco TAC to obtain upgrades. Workarounds: none disclosed. Ensure devices are updated to the latest firmware. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rvrouters-dosmitrevendor-advisoryx_refsource_CISCO
- www.securityfocus.com/bid/108864mitrevdb-entryx_refsource_BID
News mentions
0No linked articles in our index yet.