QwikSec

Security Database

CVE

CWE

Training

CVE-2019-1653

Published: Jan 24, 2019

Modified: Oct 21, 2025

PUBLISHED

CVSS v3.0

7.5

HIGH

Description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.

Vendor	Product	Versions
Cisco	Cisco Small Business RV Series Router Firmware	affected `n/a`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://www.youtube.com/watch?v=bx0RQJDlGbY

x_refsource_MISC

https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/

x_refsource_MISC

20190123 Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

vendor-advisory

x_refsource_CISCO

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

20190327 [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

mailing-list

x_refsource_FULLDISC

20190327 [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export

mailing-list

x_refsource_FULLDISC

20190327 [RT-SA-2019-004] Cisco RV320 Unauthenticated Diagnostic Data Retrieval

mailing-list

x_refsource_BUGTRAQ

20190327 [RT-SA-2019-003] Cisco RV320 Unauthenticated Configuration Export

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html

x_refsource_MISC

http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html

x_refsource_MISC

http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/

x_refsource_MISC

https://threatpost.com/scans-cisco-routers-code-execution/141218/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.