Cyber Resilience

CVE-2019-15271

High · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 26 November 2019
Modified: 28 October 2025
KEV Added: 08 June 2022
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0560 (90.5th percentile)
Risk Priority: 41 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-15271 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Cisco RV016 Multi-WAN VPN firmware. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 9.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability tracked as CVE-2019-15271 exists in the web-based management interface of certain Cisco Small Business RV Series Routers. The flaw is caused by insufficient input validation of HTTP payloads and is associated with CWE-502. It permits an authenticated remote attacker to execute arbitrary commands with root privileges on affected devices.

An attacker who possesses either valid administrative credentials or an active session token can exploit the issue by submitting a crafted HTTP request to the management interface. Successful exploitation grants full root-level command execution, potentially allowing complete control over the router's configuration and traffic.

Cisco's security advisory provides mitigation guidance including software updates for impacted RV Series models, while CISA lists the CVE in its catalog of known exploited vulnerabilities, underscoring the importance of applying patches promptly to prevent remote compromise.

EU & UK References

Vulnerability details

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.

CWE(s): CWE-502
KEV Date Added: 08 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco · rv016 multi-wan vpn firmware · ≤ 4.2.3.10
cisco · rv042 dual wan vpn firmware · ≤ 4.2.3.10
cisco · rv042g dual gigabit wan vpn firmware · ≤ 4.2.3.10
cisco · rv082 dual wan vpn firmware · ≤ 4.2.3.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires validation of HTTP input payloads to block the crafted requests that enable root command execution.

prevent: Mandates prompt application of vendor patches that remediate the input-validation flaw in the web management interface.

prevent: Enforces least-privilege restrictions so that even an authenticated session cannot obtain unrestricted root command execution.

References