Description

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Related CPE's

o

cisco

rv160_firmware

Vulnerable

h

cisco

rv160

-

o

cisco

rv160w_firmware

Vulnerable

h

cisco

rv160w

-

o

cisco

rv260_firmware

Vulnerable

h

cisco

rv260

-

o

cisco

rv260p_firmware

Vulnerable

h

cisco

rv260p

-

o

cisco

rv260w_firmware

Vulnerable

h

cisco

rv260w

-

o

cisco

rv340_firmware

Vulnerable

h

cisco

rv340

-

o

cisco

rv340w_firmware

Vulnerable

h

cisco

rv340w

-

o

cisco

rv345_firmware

Vulnerable

h

cisco

rv345

-

o

cisco

rv345p_firmware

Vulnerable

h

cisco

rv345p

-

References

http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Apr/39

Mailing ListThird Party Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-287

[email protected]

Secondary
CWE-119

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-08T04:15:13.687

4 years ago

Last modified

2023-11-07T03:28:23.127

1 year ago