Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability
Description
A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated remote attacker can download sensitive device configuration from Cisco RV110W and RV215W routers after a valid user opens a specific file.
Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers allows an unauthenticated, remote attacker to download sensitive information, including the device configuration. The issue is due to improper authorization of an HTTP request. Affected firmware versions are RV110W releases earlier than 1.2.2.8 and RV215W releases earlier than 1.3.1.7. The attack is only possible after any valid user has opened a specific file on the device since the last reboot [1].
Exploitation
An attacker with network access to the web-based management interface (either via LAN or the remote management feature, which is disabled by default) can exploit this vulnerability by accessing a specific URI on the router. No authentication is required. The exploit is contingent on a valid user having opened a particular file on the device after the last reboot; without this precondition, the URI returns restricted data [1].
Impact
Successful exploitation allows the attacker to view sensitive information that should be restricted, such as the device configuration. This leads to a confidentiality breach, potentially exposing network settings, credentials, and other operational details [1].
Mitigation
Cisco has released software updates to address this vulnerability. The fixed versions are 1.2.2.8 for the RV110W and 1.3.1.7 for the RV215W. No workarounds are available. Administrators should upgrade to the latest firmware. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsDmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.