HomePentest-Tools.com Logo

Cisco Small Business RV Series Confidential Information Decryption Man-in-the-Middle Vulnerability CVE-2015-6358

CVSSv3 Score
Vulnerability description

A vulnerability in the cryptographic implementation of the RV320 Dual Gigabit WAN VPN Router and the RV325 Dual Gigabit WAN VPN Router could allow an unauthenticated, remote attacker to make use of hard-coded certificate and keys embedded within the firmware of the affected device.

Risk description

The vulnerability is due to the lack of unique key and certificate generation within affected appliances. This is an attack on the client attempting to access the device and does not compromise the device itself. To exploit the issue, an attacker needs not only the public and private key pair but also a privileged position in the network that would allow him or her to monitor the traffic between client and server, intercept the traffic, and modify or inject its own traffic. An attacker could exploit this vulnerability by using the static information to conduct man-in-the-middle attacks to decrypt confidential information on user connections.


Update to Firmware version or later.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Oct 12, 2017
Detection added at
Software Type
Not available
Not available
Not available