Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Command Injection in Cisco RV130 and RV110 Router Firmware via Unsanitized Model Name |
Thu, 09 Jul 2026 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Command Injection in Cisco RV130 and RV110 Router Firmware via Unsanitized Model Name |
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-78 | |
| Metrics |
cvssV3_1
|
Wed, 08 Jul 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An OS command injection vulnerability exists in the save_syslog_to_file() function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The model_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges. | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-08T15:45:48.489Z
Reserved: 2026-01-23T00:00:00.000Z
Link: CVE-2026-24698
Updated: 2026-07-08T15:40:58.521Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-10T06:15:04Z