-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2014-028
 
Title: Cisco Small Business Router Password Disclosure Vulnerability [1]
 
Version history:
06.03.2014 Initial publication

Summary
=======
A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device.

CVE numbers: [1] 

CVE-2014-0683: CVSS v2 base score 10.0 (HIGH), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
 
Vulnerable systems
==================
The following products are affected by the vulnerability that is described in this advisory:

    Cisco RV110W Wireless-N VPN Firewall running firmware versions 1.2.0.9 and prior
    Cisco RV215W Wireless-N VPN Router running firmware versions 1.1.0.5 and prior
    Cisco CVR100W Wireless-N VPN Router running firmware versions 1.0.1.19 and prior
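
An added example (not part of the CERT-EU or Cisco advisory) for checking an asset inventory against the affected versions listed above. The `host,model,firmware` inventory format and the sample rows are assumptions constructed for illustration.

```python
import re

# Last affected firmware per model, from the advisory's "Vulnerable systems" list.
LAST_AFFECTED = {
    "RV110W": (1, 2, 0, 9),
    "RV215W": (1, 1, 0, 5),
    "CVR100W": (1, 0, 1, 19),
}

def parse_version(text):
    """Parse '1.2.0.10' into (1, 2, 0, 10); None unless 1-4 dotted numeric fields."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){0,3}", text):
        return None
    fields = tuple(int(part) for part in text.split("."))
    return fields + (0,) * (4 - len(fields))  # pad so '1.2' compares as 1.2.0.0

def classify(model, firmware):
    """Return 'affected', 'not affected', 'not listed' or 'unknown version'."""
    match = re.search(r"CVR100W|RV110W|RV215W", model.upper())
    if not match:
        return "not listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown version"  # cannot decide automatically; check by hand
    # Numeric tuple comparison: 1.2.0.10 is newer than 1.2.0.9 (string compare says otherwise).
    return "affected" if version <= LAST_AFFECTED[match.group(0)] else "not affected"

def triage(inventory_csv):
    """Classify each 'host,model,firmware' line; returns a list of (host, status)."""
    results = []
    for line in inventory_csv.strip().splitlines():
        host, model, firmware = (field.strip() for field in line.split(","))
        results.append((host, classify(model, firmware)))
    return results

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = """
branch-gw-01, Cisco RV110W, 1.2.0.9
branch-gw-02, Cisco RV110W, 1.2.0.10
lab-rtr-01, rv215w, 1.1.0.5
home-cvr-07, CVR100W, 1.0.1.3
core-sw-01, Catalyst 2960, 15.0.2
branch-gw-03, RV215W, unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host}: {status}")
```

Here "not affected" refers only to the versions listed in this advisory, and devices reported as "unknown version" need a manual firmware check.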

Original Details
================
The vulnerability is due to improper handling of authentication requests by the web framework. An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability would give an attacker administrative-level access to the web-based administration interface on the affected device.

What can you do?
================
Patched firmware is available for each of the affected versions; see [1].

What to tell your users?
========================
N/A

More information
================
[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd

Best regards,
CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----