Unrated severityNVD Advisory· Published Jun 18, 2020· Updated Nov 15, 2024

Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Management Interface Vulnerabilities

CVE-2020-3269

Description

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated admin on Cisco RV1xx routers can execute arbitrary commands via the web-based management interface, leading to full device compromise.

Vulnerability

Multiple command injection vulnerabilities exist in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers. These flaws allow an authenticated attacker with administrative privileges to execute arbitrary commands on the underlying operating system. The vulnerabilities affect firmware versions prior to the fixed releases indicated in the Cisco advisory [1].

Exploitation

An attacker must have valid administrative credentials and network access to the router's web-based management interface. No additional user interaction is required. The attacker can send specially crafted HTTP requests to the management interface to trigger command injection.

Impact

Successful exploitation grants the attacker arbitrary command execution at the root privilege level. This can lead to full compromise of the device, including data exfiltration, installation of malicious software, and further network attacks.

Mitigation

Cisco has released free software updates to address these vulnerabilities. Customers should upgrade their firmware to the fixed versions as specified in the advisory [1]. No workarounds are available; disabling the management interface on WAN side is recommended as a best practice.

References

Cisco Security Advisory: Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Management Interface Vulnerabilities

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./RV130llm-create
Cisco Systems, Inc./Rv110wllm-fuzzy
Cisco Systems, Inc./Rv215wllm-fuzzy
Cisco Systems, Inc./RV130Wllm-fuzzy
Cisco Systems, Inc./Rv130w Wireless N Multifunction VPN Router Firmwarecpe-rescue
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQmitrevendor-advisoryx_refsource_CISCO

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000