{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1034830", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034830"}, {"name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6319", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1034830", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034830"}, {"name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:15:13.307Z"}, "title": "CVE Program Container", "references": [{"name": "1034830", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034830"}, {"name": "20160127 Cisco RV220W Management Authentication Bypass Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6319", "datePublished": "2016-01-27T22:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:15:13.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv016_multi-wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "217831DB-FC07-443B-B969-2513ACE0C0AA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "87905EBD-2C32-41C7-933E-168B1A5941F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "0008DDD6-A6A5-46A2-B9A0-1DC807E29E02", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv082_dual_wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F1D3C2-8CD6-416D-80C2-3ECBB941DA55", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "F95AABA7-ADCF-474B-A1AD-E55EFC09CF2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv120w_wireless-n_vpn_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3562EAC-7DD9-4D7E-8A54-577FAEDFD42B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv130_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A7C79FC-EC93-4832-85EC-E7D5672A7DF4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "4993AC7B-5E6F-4DB5-90D8-3181148BC7B0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv180_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C656EE6-510D-4530-947E-6C1DE46EBC68", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv180w_wireless-n_multifunction_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A68C4AD-0FB1-45FE-BD04-C3DC8A716F3F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "175F8546-DBBB-4C34-9B9A-A39A6E70F2AF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv220w_wireless_network_security_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DD07AB5-E9DA-463F-B017-7A10FD8C2878", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "40BE4E08-761E-44B1-923C-8CAF3EA1B812", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "22E350F7-5E72-4749-BBFE-021A3B838105", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv325_dual_gigabit_wan_wf_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE38F76A-20EB-4A00-A84D-F5F262E7A1AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rv325_dual_wan_gigabit_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "57228295-609D-4939-9FEF-71EFE6FFEAB6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rvl200_4-port_ssl_ipsec_vpn_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4558947-E413-4283-959A-B7C854BCECE6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:rvs4000_4-port_gigabit_security_router_-_vpn:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D7930A-EC68-4518-BA88-529A3D4F0919", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:wrv200_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*", "matchCriteriaId": "D22C7E67-0F47-416F-80A5-D218C655D275", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:wrv210_wireless-g_vpn_router_-_rangebooster:*:*:*:*:*:*:*:*", "matchCriteriaId": "7618CAE2-22D2-44B1-8FE8-F29101B62D57", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:wrvs4400n_wireless-n_gigabit_security_router_-_vpn_v2.0:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0954EAD-6830-499E-BCE7-4F0FE1DDFE24", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "82E9DB28-1575-415C-BE18-9ADFD6BA66D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "1AE98C62-84E0-435F-A376-984B1819B94C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "EBC77F08-1A4A-46AC-8359-5B20BAA9989B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "FE637ED7-943B-45A3-A0B3-EEAE02A96693", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "AA64F9F9-6843-4A74-8DC4-692B8A7E8394", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "95D5F5BE-8A32-415A-A686-5221C42EFD8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "DCCDA0D3-AF8C-4EC2-8DC8-64322452C697", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "CF064F34-25A3-474E-BCA8-BC135FA4B834", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1DEC997B-96CF-43E6-98C8-D6E469CA471D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "9B6AD360-866C-4E63-BA54-EAF697560D07", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A0B5DF7C-99D2-4CF9-A0AD-8D6BE5780CA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv_series_router_firmware:1.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F60788C6-2130-4561-B1C8-72B138F2E9B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la interfaz de gesti\u00f3n basada en web en dispositivos Cisco RV220W permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de una cabecera manipulada en una petici\u00f3n HTTP, tambi\u00e9n conocida como Bug ID CSCuv29574."}], "id": "CVE-2015-6319", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-27T22:59:00.100", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1034830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034830"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}