An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.
Metrics
Affected Vendors & Products
References
History
Mon, 13 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection in Cisco RV Series Router Firmware |
Sun, 12 Jul 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection in Cisco RV Series Router Firmware |
Sat, 11 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection via lan_ipv6_prefixlen on Cisco RV Series Routers |
Sat, 11 Jul 2026 05:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection via lan_ipv6_prefixlen on Cisco RV Series Routers |
Fri, 10 Jul 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection in Cisco RV130/RV130W 'rc' Binary Allows Root Execution |
Thu, 09 Jul 2026 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | OS Command Injection in Cisco RV130/RV130W 'rc' Binary Allows Root Execution |
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-78 | |
| Metrics |
cvssV3_1
|
Wed, 08 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published: 2026-07-08T00:00:00.000Z
Updated: 2026-07-08T15:45:27.072Z
Reserved: 2026-01-23T00:00:00.000Z
Link: CVE-2026-24699
Updated: 2026-07-08T15:44:39.971Z
No data.
No data.