Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2021/Apr/39 | Mailing List Third Party Advisory |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
05 Aug 2022, 17:36
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
23 Apr 2021, 13:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2021/Apr/39 - Mailing List, Third Party Advisory |
20 Apr 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Apr 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Apr 2021, 17:54
Type | Values Removed | Values Added |
---|---|---|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx - Vendor Advisory | |
CPE | cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
08 Apr 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. |
08 Apr 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-08 04:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-1472
Mitre link : CVE-2021-1472
CVE.ORG link : CVE-2021-1472
JSON object : View
Products Affected
cisco
- rv160_firmware
- rv260p
- rv260_firmware
- rv340w
- rv345_firmware
- rv260w_firmware
- rv160w_firmware
- rv260w
- rv340_firmware
- rv260
- rv160w
- rv260p_firmware
- rv160
- rv340
- rv345p_firmware
- rv345
- rv345p
- rv340w_firmware