Cisco RV110W, RV130W, and RV215W Routers Information Disclosure Vulnerability

Vulnerability

The vulnerability exists in the web interface of Cisco RV110W, RV130W, and RV215W Wireless-N VPN Routers. Due to improper authorization of an HTTP request, an unauthenticated, remote attacker can access a specific URI to retrieve the list of devices that are or have been connected to the guest network. All firmware versions prior to the fix are affected [1][2].

Exploitation

An attacker needs only network access to the router's web interface; no authentication is required. By sending a crafted HTTP GET request to a particular URI (e.g., the endpoint that exposes guest network device information), the attacker can obtain the list of connected devices, including their MAC and IP addresses [1]. The exact URI is not publicly detailed but is reachable without any session or credentials.

Impact

Successful exploitation results in information disclosure: the attacker gains a list of all devices that have connected to the guest network, along with their MAC and IP addresses. This information can be leveraged for further attacks, such as targeted denial-of-service (see CVE-2019-1897) or network reconnaissance. The compromise is at the network information level, with no privilege escalation on the router itself [1][2].

Mitigation

Cisco has released firmware updates to address this vulnerability; affected users should upgrade to the fixed software version indicated in the Cisco Security Advisory [2]. No workarounds are available. Users should also consider disabling the guest network if not needed, and monitor for any suspicious activity. The routers may be end-of-life; check Cisco's support page for the latest guidance [2].