CVE-2019-1653— Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

KEV EPSS 94.38% · P100 Updated Feb 23, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1653

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

访问控制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco Small Business RV320和RV325 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco Small Business RV320和RV325都是美国思科（Cisco）公司的企业级路由器。使用1.4.2.15版本至1.4.2.19版本固件的Cisco Small Business RV320和RV325中基于Web的管理界面存在信息泄露漏洞，该漏洞源于程序对URLs执行了错误的访问控制。远程攻击者可通过HTTP或HTTPS协议连接受影响的设备并请求URLs利用该漏洞检索敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Cisco	Cisco Small Business RV Series Router Firmware	n/a	-

II. Public POCs for CVE-2019-1653

#	POC Description	Source Link	Shenlong Link
1	NSE script to scan for Cisco routers vulnerable to CVE-2019-1653	https://github.com/dubfr33/CVE-2019-1653	POC Details
2	Just a PoC tool to extract password using CVE-2019-1653.	https://github.com/shaheemirza/CiscoSpill	POC Details
3	A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information.	https://github.com/ibrahimzx/CVE-2019-1653	POC Details
4	CiscoRV320Dump CVE-2019-1653 - Automatition.	https://github.com/elzerjp/nuclei-CiscoRV320Dump-CVE-2019-1653	POC Details
5	Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-1653.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-1653

请登录查看更多情报信息。

http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-Diagnostic-Data-Retrieval.htmlx_refsource_MISC
https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/x_refsource_MISC
https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/x_refsource_MISC
https://www.youtube.com/watch?v=bx0RQJDlGbYx_refsource_MISC
http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.htmlx_refsource_MISC
https://threatpost.com/scans-cisco-routers-code-execution/141218/x_refsource_MISC
http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-Configuration-Export.htmlx_refsource_MISC
https://www.exploit-db.com/exploits/46655/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/46262/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/106732vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2019/Mar/59mailing-listx_refsource_FULLDISC
https://seclists.org/bugtraq/2019/Mar/53mailing-listx_refsource_BUGTRAQ
https://seclists.org/bugtraq/2019/Mar/54mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2019/Mar/60mailing-listx_refsource_FULLDISC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-infovendor-advisoryx_refsource_CISCO
https://nvd.nist.gov/vuln/detail/CVE-2019-1653

Same Patch Batch · Cisco · 2019-01-24 · 14 CVEs total

CVE-2019-1652		Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
CVE-2019-1655		Cisco Webex Meetings Server Cross-Site Scripting Vulnerability
CVE-2019-1656		Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
CVE-2019-1657		Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
CVE-2019-1658		Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability
CVE-2019-1668		Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability
CVE-2019-1669		Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerabi
CVE-2019-1645		Cisco Connected Mobile Experiences Information Disclosure Vulnerability
CVE-2019-1646		Privilege Escalation Vulnerability in Cisco SD-WAN Solution
CVE-2019-1647		Cisco SD-WAN Solution Unauthorized Access Vulnerability
CVE-2019-1648		Cisco SD-WAN Solution Privilege Escalation Vulnerability
CVE-2019-1650		Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
CVE-2019-1651		Cisco SD-WAN Solution Buffer Overflow Vulnerability

IV. Related Vulnerabilities

Same product: Cisco Small Business RV Series Router Firmware

Same vendor: Cisco

Same weakness: CWE-284

V. Comments for CVE-2019-1653

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-1653— Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

I. Basic Information for CVE-2019-1653

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2019-1653

III. Intelligence Information for CVE-2019-1653

Same Patch Batch · Cisco · 2019-01-24 · 14 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-1653

Leave a comment