CVE-2017-6620

CVE Database · CVE-2017-6620

CVE-2017-6620

· N/AModified

CVSS v3.1

N/A

EPSS

1.63%

Published

May 3, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.

Weaknesses (CWE)

CWE-264CWE-20

Affected Products (2)

cisco · small_business_rv_series_router_firmwarevulnerable

cisco · small_business_rv_series_router

References (6)

http://www.securityfocus.com/bid/98289

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038395

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2

Vendor Advisory

http://www.securityfocus.com/bid/98289

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038395

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs