An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-78 | |
| Metrics |
cvssV3_1
|
Wed, 08 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-08T15:47:34.791Z
Reserved: 2026-01-23T00:00:00.000Z
Link: CVE-2026-24697
Updated: 2026-07-08T15:47:07.862Z
No data.
No data.
OpenCVE Enrichment
No data.