Home > Cyber News > CVE-2019-1663: Critical Flaw in Cisco Wireless VPN and Firewall Routers

CVE-2019-1663: Critical Flaw in Cisco Wireless VPN and Firewall Routers

A new critical flaw, CVE-2019-1663, residing in Cisco wireless VPN and firewall routers was just reported. Businesses should update immediately to protect against the flaw.

More specifically, CVE-2019-1663 is a serious vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. The exploit could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

According to the official advisory, the vulnerability is triggered by improper validation of user-supplied data in the web-based management interface.

The flaw could be exploited if an attacker sends malicious HTTP requests to a targeted device. As a result of this, the attacker could be able to execute arbitrary code as a high-privilege user.

With that in mind, customers with enabled remote-management feature, a feature which is typically disabled by default, are exposed to a remote attack.

Cisco Products Affected by CVE-2019-1663

The vulnerability affects all releases of the following Cisco products:

RV110W Wireless-N VPN Firewall
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router

The vulnerability has been fixed in RV110W Wireless-N VPN Firewall:, RV130W Wireless-N Multifunction VPN Router:, and RV215W Wireless-N VPN Router:

To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings and then Remote Management. If the Enable box is checked, remote management is enabled for the device, Cisco explains.

It’s not known whether the flaw was exploited in the wild. What is known is that Chinese security researchers revealed the bug during the GeekPwn Shanghai conference which took place in October, 2018. No workarounds are available for this vulnerability.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree