Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities
Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Small Business RV series routers contain stored XSS vulnerabilities in the web-based management interface, allowing authenticated attackers to execute arbitrary script code.
Vulnerability
The vulnerabilities are stored cross-site scripting (XSS) flaws in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers [1]. They arise from insufficient input validation by the interface. The management interface is accessible via a local LAN connection, which cannot be disabled, or through the WAN connection if the remote management feature is enabled; remote management is disabled by default. An attacker must have valid administrator credentials on the affected device to exploit these vulnerabilities [1].
Exploitation
An authenticated remote attacker with administrator privileges can send crafted HTTP requests to the affected device to inject malicious script code [1]. Because the XSS is stored, the injected script persists in the interface and executes when other users (e.g., other administrators) access the affected pages. No additional user interaction is required beyond the attacker's authenticated session [1].
Impact
Successful exploitation allows the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information [1]. This could lead to session hijacking, credential theft, or defacement of the management interface. The attacker already possesses administrator credentials, but the XSS can be used to target other users or escalate the scope of compromise within the browser context [1].
Mitigation
As of the advisory publication date (January 13, 2021), Cisco has not released firmware updates to address these vulnerabilities [1]. No workarounds are available. To reduce exposure, users should disable the remote management feature if it is not required. Administrators should monitor Cisco's security advisories for future patches [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4 affected products; range: n/a
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC (mitre, vendor-advisory, x_refsource_CISCO)