Back to KEVs

CVE-2019-1653

Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
December 06, 2018
Published Date
January 24, 2019
Last Updated
November 12, 2024
Vendor
Cisco
Product
Cisco Small Business RV Series Router Firmware
Description
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
Tags
cisa nuclei_scanner edge metasploit_scanner

CVSS Scores

CVSS v3.0

7.5 - HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-05-05 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2019-01-30 14:58:48 UTC) Source

References

https://www.youtube.com/watch?v=bx0RQJDlGbY https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/ https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info http://www.securityfocus.com/bid/106732 https://www.exploit-db.com/exploits/46262/ http://seclists.org/fulldisclosure/2019/Mar/60 http://seclists.org/fulldisclosure/2019/Mar/59 https://seclists.org/bugtraq/2019/Mar/54 https://seclists.org/bugtraq/2019/Mar/53 http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.html http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.html http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html https://www.exploit-db.com/exploits/46655/ https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/ https://threatpost.com/scans-cisco-routers-code-execution/141218/

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_rv32x_rce.rb 2025-04-29 11:01:12 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-1653.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ibrahimzx/CVE-2019-1653

Type: github • Created: 2023-03-26 16:36:22 UTC • Stars: 0

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information.

dubfr33/CVE-2019-1653

Type: github • Created: 2019-01-30 14:58:48 UTC • Stars: 1

NSE script to scan for Cisco routers vulnerable to CVE-2019-1653

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • Detected by Nuclei

  • Detected by Metasploit