Cyber Resilience

CVE-2019-1653

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 24 January 2019

Modified: 28 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9438 (100.0th percentile)
Risk Priority: 92 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-1653 is a high-severity Improper Access Control (CWE-284) vulnerability in Cisco RV320 firmware. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-14 (Permitted Actions Without Identification or Authentication).

Deeper analysis

The vulnerability is an information disclosure issue in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers. It stems from improper access controls on certain URLs, allowing retrieval of sensitive data such as the full router configuration or detailed diagnostic information without authentication.

An unauthenticated remote attacker can exploit the flaw by sending crafted HTTP or HTTPS requests to the affected device for specific URLs. A successful attack yields direct access to the router's configuration and diagnostics, corresponding to a CVSS 3.1 base score of 7.5 with network attack vector and high confidentiality impact.

Cisco has released firmware updates that address the vulnerability. Public exploit code and proof-of-concept files demonstrating unauthenticated configuration export and diagnostic data retrieval have been posted to sites such as Packet Storm and Seclists.

Vulnerability details

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco · rv320 firmware · 1.4.2.15, 1.4.2.17
cisco · rv325 firmware · 1.4.2.15, 1.4.2.17

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly enforces access restrictions on management URLs so that unauthenticated remote requests for configuration or diagnostics are denied.

prevent: Limits privileges granted to unauthenticated sessions, preventing exposure of sensitive router data that should require explicit authorization.

prevent: Requires explicit identification and documentation of any actions permitted without authentication, eliminating the unintended exposure of configuration URLs.

References