Vulnerabilites related to cisco - rv215w_wireless-n_vpn_router_firmware
cve-2021-1170
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.884Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1170", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:29:26.657093Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:39.552Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:04", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1170", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1170", datePublished: "2021-01-13T21:36:04.092734Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:39.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1153
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:41
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:54.909Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1153", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:53:37.738548Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:41:46.225Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:39", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1153", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], }, source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1153", datePublished: "2021-01-13T21:37:39.168775Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:41:46.225Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3331
Vulnerability from cvelistv5
Published
2020-07-16 17:20
Modified
2024-11-15 16:55
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RV110W Wireless-N VPN Firewall Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:30:57.923Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20200715 Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-3331", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:19:32.671953Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T16:55:20.362Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco RV110W Wireless-N VPN Firewall Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-07-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T17:20:55", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20200715 Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb", }, ], source: { advisory: "cisco-sa-code-exec-wH3BNFb", defect: [ [ "CSCvs50861", "CSCvs50862", ], ], discovery: "INTERNAL", }, title: "Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2020-07-15T16:00:00", ID: "CVE-2020-3331", STATE: "PUBLIC", TITLE: "Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco RV110W Wireless-N VPN Firewall Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "9.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "20200715 Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb", }, ], }, source: { advisory: "cisco-sa-code-exec-wH3BNFb", defect: [ [ "CSCvs50861", "CSCvs50862", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2020-3331", datePublished: "2020-07-16T17:20:56.075773Z", dateReserved: "2019-12-12T00:00:00", dateUpdated: "2024-11-15T16:55:20.362Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1214
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.263Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1214", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:34:46.126672Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:49:11.960Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:26", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1214", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1214", datePublished: "2021-01-13T21:16:26.529627Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:49:11.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1156
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:42
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.770Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1156", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:53:59.551882Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:42:07.520Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:24", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1156", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], }, source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1156", datePublished: "2021-01-13T21:37:24.881748Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:42:07.520Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1149
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:41
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1149", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:04.743703Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:41:13.693Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:57", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1149", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], }, source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1149", datePublished: "2021-01-13T21:37:57.837420Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:41:13.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1215
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.378Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1215", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:34:40.354639Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:49:05.512Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:30", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1215", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1215", datePublished: "2021-01-13T21:16:30.931488Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:49:05.512Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3323
Vulnerability from cvelistv5
Published
2020-07-16 17:20
Modified
2024-11-15 16:55
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:30:58.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-3323", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:19:35.748050Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T16:55:41.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-07-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T17:20:46", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp", }, ], source: { advisory: "cisco-sa-rv-rce-AQKREqp", defect: [ [ "CSCvr97864", "CSCvr97884", "CSCvr97889", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2020-07-15T16:00:00", ID: "CVE-2020-3323", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "9.8", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp", }, ], }, source: { advisory: "cisco-sa-rv-rce-AQKREqp", defect: [ [ "CSCvr97864", "CSCvr97884", "CSCvr97889", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2020-3323", datePublished: "2020-07-16T17:20:47.027185Z", dateReserved: "2019-12-12T00:00:00", dateUpdated: "2024-11-15T16:55:41.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1160
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:42
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.958Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1160", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:15.932504Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:42:35.065Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:05", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1160", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1160", datePublished: "2021-01-13T21:37:05.585224Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:42:35.065Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1173
Vulnerability from cvelistv5
Published
2021-01-13 21:35
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.998Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1173", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:30:10.231792Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:58.335Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:35:46", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1173", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1173", datePublished: "2021-01-13T21:35:47.062099Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:58.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1157
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:42
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.325Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1157", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:54:03.250831Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:42:14.956Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:19", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1157", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], }, source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1157", datePublished: "2021-01-13T21:37:19.440911Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:42:14.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1166
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.662Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1166", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:29:17.770974Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:15.216Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:34", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1166", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1166", datePublished: "2021-01-13T21:36:34.369308Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:15.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1396
Vulnerability from cvelistv5
Published
2016-06-19 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1036114 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:55:14.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1", }, { name: "1036114", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036114", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-15T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1", }, { name: "1036114", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036114", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2016-1396", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1", }, { name: "1036114", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036114", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-1396", datePublished: "2016-06-19T01:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:55:14.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1208
Vulnerability from cvelistv5
Published
2021-01-13 21:15
Modified
2024-11-12 20:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.146Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1208", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:35:18.850032Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:49:55.580Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:15:56", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1208", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1208", datePublished: "2021-01-13T21:15:56.277823Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:49:55.580Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1168
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1168", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:29:20.306943Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:23.969Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:22", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1168", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1168", datePublished: "2021-01-13T21:36:22.490020Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:23.969Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6396
Vulnerability from cvelistv5
Published
2016-08-08 00:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1 | vendor-advisory, x_refsource_CISCO | |
| https://www.exploit-db.com/exploits/45986/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/92269 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036528 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:21.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1", }, { name: "45986", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45986/", }, { name: "92269", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92269", }, { name: "1036528", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036528", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-03T00:00:00", descriptions: [ { lang: "en", value: "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-15T10:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1", }, { name: "45986", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45986/", }, { name: "92269", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92269", }, { name: "1036528", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036528", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2015-6396", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20160803 Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1", }, { name: "45986", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45986/", }, { name: "92269", refsource: "BID", url: "http://www.securityfocus.com/bid/92269", }, { name: "1036528", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036528", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2015-6396", datePublished: "2016-08-08T00:00:00", dateReserved: "2015-08-17T00:00:00", dateUpdated: "2024-08-06T07:22:21.064Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1177
Vulnerability from cvelistv5
Published
2021-01-13 21:20
Modified
2024-11-12 20:46
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1177", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:34:21.701051Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:46:53.863Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:20:47", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1177", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1177", datePublished: "2021-01-13T21:20:48.056405Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:46:53.863Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1186
Vulnerability from cvelistv5
Published
2021-01-13 21:21
Modified
2024-11-12 20:45
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1186", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:32:41.647615Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:45:47.993Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:21:31", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1186", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1186", datePublished: "2021-01-13T21:21:31.733088Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:45:47.993Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1165
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.909Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1165", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:57.196351Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:08.847Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:39", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1165", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1165", datePublished: "2021-01-13T21:36:39.389783Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:08.847Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1188
Vulnerability from cvelistv5
Published
2021-01-13 21:21
Modified
2024-11-12 20:45
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1188", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:32:16.046970Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:45:34.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:21:42", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1188", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1188", datePublished: "2021-01-13T21:21:42.692928Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:45:34.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6397
Vulnerability from cvelistv5
Published
2016-08-08 00:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92273 | vdb-entry, x_refsource_BID | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1036524 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:21.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "92273", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92273", }, { name: "20160803 Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2", }, { name: "1036524", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036524", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-03T00:00:00", descriptions: [ { lang: "en", value: "Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-15T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "92273", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92273", }, { name: "20160803 Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2", }, { name: "1036524", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036524", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2015-6397", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "92273", refsource: "BID", url: "http://www.securityfocus.com/bid/92273", }, { name: "20160803 Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2", }, { name: "1036524", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036524", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2015-6397", datePublished: "2016-08-08T00:00:00", dateReserved: "2015-08-17T00:00:00", dateUpdated: "2024-08-06T07:22:21.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1209
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1209", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:35:16.215695Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:49:46.982Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1209", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1209", datePublished: "2021-01-13T21:16:00.902136Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:49:46.982Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1146
Vulnerability from cvelistv5
Published
2021-01-13 21:40
Modified
2024-11-12 20:40
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:54.926Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1146", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:27:51.354140Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:40:21.261Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:40:16", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1146", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], }, source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1146", datePublished: "2021-01-13T21:40:16.223208Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:40:21.261Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1193
Vulnerability from cvelistv5
Published
2021-01-13 21:22
Modified
2024-11-12 20:45
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.908Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1193", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:31:44.892622Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:45:07.992Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:22:03", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1193", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1193", datePublished: "2021-01-13T21:22:03.738169Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:45:07.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1169
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.666Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1169", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:29:23.815077Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:31.430Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:17", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1169", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1169", datePublished: "2021-01-13T21:36:17.717811Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:31.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1172
Vulnerability from cvelistv5
Published
2021-01-13 21:35
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.926Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1172", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:30:00.653726Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:51.233Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:35:53", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1172", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1172", datePublished: "2021-01-13T21:35:53.546060Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:51.233Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1159
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:42
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.027Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1159", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:09.626349Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:42:28.747Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:10", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1159", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1159", datePublished: "2021-01-13T21:37:10.388126Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:42:28.747Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1167
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-08 18:03
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO | |
| http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.791Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1167", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T18:03:27.745033Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T18:03:40.396Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-14T16:06:10", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1167", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { name: "http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1167", datePublished: "2021-01-13T21:36:27.640767Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-08T18:03:40.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1155
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:41
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.291Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1155", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:53:53.743956Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:41:59.341Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:29", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1155", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], }, source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1155", datePublished: "2021-01-13T21:37:29.604349Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:41:59.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1194
Vulnerability from cvelistv5
Published
2021-01-13 21:22
Modified
2024-11-12 20:45
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.003Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1194", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:31:34.919896Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:45:00.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:22:07", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1194", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1194", datePublished: "2021-01-13T21:22:08.081429Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:45:00.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34730
Vulnerability from cvelistv5
Published
2021-08-18 19:40
Modified
2024-11-07 22:03
Severity ?
EPSS score ?
Summary
A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:19:48.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210818 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-34730", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T21:55:58.462216Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T22:03:55.301Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-08-18T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T19:40:27", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210818 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5", }, ], source: { advisory: "cisco-sa-cisco-sb-rv-overflow-htpymMB5", defect: [ [ "CSCvz05607", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-08-18T16:00:00", ID: "CVE-2021-34730", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "9.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210818 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5", }, ], }, source: { advisory: "cisco-sa-cisco-sb-rv-overflow-htpymMB5", defect: [ [ "CSCvz05607", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-34730", datePublished: "2021-08-18T19:40:27.447795Z", dateReserved: "2021-06-15T00:00:00", dateUpdated: "2024-11-07T22:03:55.301Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1178
Vulnerability from cvelistv5
Published
2021-01-13 21:20
Modified
2024-11-12 20:46
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1178", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:34:12.154900Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:46:47.493Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:20:53", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1178", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1178", datePublished: "2021-01-13T21:20:53.784787Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:46:47.493Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1175
Vulnerability from cvelistv5
Published
2021-01-13 21:35
Modified
2024-11-12 20:44
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.992Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1175", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:30:16.909933Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:44:12.843Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:35:36", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1175", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1175", datePublished: "2021-01-13T21:35:37.034064Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:44:12.843Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1158
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:42
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.410Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1158", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:54:06.685761Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:42:22.209Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:14", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1158", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], }, source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1158", datePublished: "2021-01-13T21:37:14.915522Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:42:22.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1174
Vulnerability from cvelistv5
Published
2021-01-13 21:35
Modified
2024-11-12 20:44
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.844Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1174", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:30:14.066369Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:44:05.183Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:35:42", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1174", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1174", datePublished: "2021-01-13T21:35:42.340062Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:44:05.183Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1187
Vulnerability from cvelistv5
Published
2021-01-13 21:21
Modified
2024-11-12 20:45
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.353Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1187", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:32:25.665119Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:45:41.361Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:21:36", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1187", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1187", datePublished: "2021-01-13T21:21:36.320871Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:45:41.361Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1207
Vulnerability from cvelistv5
Published
2021-01-13 21:15
Modified
2024-11-12 20:50
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.271Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1207", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:35:28.281318Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:50:02.980Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:15:51", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1207", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1207", datePublished: "2021-01-13T21:15:51.842794Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:50:02.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1217
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:48
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1217", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:34:28.180234Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:48:51.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:44", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1217", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1217", datePublished: "2021-01-13T21:16:44.225412Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:48:51.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1148
Vulnerability from cvelistv5
Published
2021-01-13 21:38
Modified
2024-11-12 20:41
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:54.897Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1148", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:02.885796Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:41:06.016Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:38:02", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1148", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], }, source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1148", datePublished: "2021-01-13T21:38:02.404877Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:41:06.016Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1152
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:41
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1152", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:53:21.968909Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:41:37.751Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:43", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1152", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], }, source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1152", datePublished: "2021-01-13T21:37:43.802016Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:41:37.751Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1198
Vulnerability from cvelistv5
Published
2021-01-13 21:22
Modified
2024-11-12 20:44
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1198", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:31:05.415489Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:44:33.649Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:22:28", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1198", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1198", datePublished: "2021-01-13T21:22:29.000786Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:44:33.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1163
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:42
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.951Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1163", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:28.434770Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:42:55.042Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:48", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1163", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1163", datePublished: "2021-01-13T21:36:48.980182Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:42:55.042Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1176
Vulnerability from cvelistv5
Published
2021-01-13 21:35
Modified
2024-11-12 20:44
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.933Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1176", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:30:31.649596Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:44:19.940Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:35:32", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1176", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1176", datePublished: "2021-01-13T21:35:32.484316Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:44:19.940Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1171
Vulnerability from cvelistv5
Published
2021-01-13 21:35
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1171", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:29:40.515197Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:45.107Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:35:58", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1171", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1171", datePublished: "2021-01-13T21:35:58.347899Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:45.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1189
Vulnerability from cvelistv5
Published
2021-01-13 21:10
Modified
2024-11-12 20:53
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.935Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1189", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:36:07.984883Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:53:32.865Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:10:14", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1189", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1189", datePublished: "2021-01-13T21:10:14.367152Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:53:32.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1197
Vulnerability from cvelistv5
Published
2021-01-13 21:22
Modified
2024-11-12 20:44
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.043Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1197", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:31:16.064587Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:44:40.080Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:22:23", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1197", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1197", datePublished: "2021-01-13T21:22:23.467038Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:44:40.080Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1395
Vulnerability from cvelistv5
Published
2016-06-19 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036113 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv | vendor-advisory, x_refsource_CISCO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:55:14.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036113", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036113", }, { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-15T00:00:00", descriptions: [ { lang: "en", value: "The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "1036113", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036113", }, { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2016-1395", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1036113", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036113", }, { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-1395", datePublished: "2016-06-19T01:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:55:14.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1196
Vulnerability from cvelistv5
Published
2021-01-13 21:22
Modified
2024-11-12 20:44
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1196", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:31:22.960404Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:44:47.264Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:22:18", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1196", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1196", datePublished: "2021-01-13T21:22:18.126745Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:44:47.264Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1212
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.122Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1212", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:35:03.443772Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:49:27.180Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:17", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1212", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1212", datePublished: "2021-01-13T21:16:17.091837Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:49:27.180Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1210
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1210", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:35:13.281679Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:49:39.759Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:05", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1210", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1210", datePublished: "2021-01-13T21:16:06.043080Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:49:39.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1195
Vulnerability from cvelistv5
Published
2021-01-13 21:22
Modified
2024-11-12 20:44
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.991Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1195", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:31:27.207687Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:44:54.440Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:22:13", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1195", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1195", datePublished: "2021-01-13T21:22:13.541458Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:44:54.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1206
Vulnerability from cvelistv5
Published
2021-01-13 21:15
Modified
2024-11-12 20:50
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1206", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:35:29.999430Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:50:10.202Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:15:46", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1206", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1206", datePublished: "2021-01-13T21:15:46.847203Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:50:10.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1211
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.094Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1211", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:35:09.738802Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:49:33.280Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:10", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1211", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1211", datePublished: "2021-01-13T21:16:10.687932Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:49:33.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1147
Vulnerability from cvelistv5
Published
2021-01-13 21:38
Modified
2024-11-12 20:40
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:54.912Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1147", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:00.168422Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:40:31.594Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:38:06", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1147", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], }, source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1147", datePublished: "2021-01-13T21:38:07.065527Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:40:31.594Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1164
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1164", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:48.271995Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:43:02.402Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:43", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1164", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1164", datePublished: "2021-01-13T21:36:43.975567Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:43:02.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1185
Vulnerability from cvelistv5
Published
2021-01-13 21:21
Modified
2024-11-12 20:45
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.094Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1185", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:32:57.204890Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:45:54.843Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:21:26", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1185", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1185", datePublished: "2021-01-13T21:21:26.952959Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:45:54.843Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1216
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:48
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1216", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:34:36.279754Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:48:59.048Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:38", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1216", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1216", datePublished: "2021-01-13T21:16:39.075598Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:48:59.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-3332
Vulnerability from cvelistv5
Published
2020-07-16 17:21
Modified
2024-11-15 16:55
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco RV130W Wireless-N Multifunction VPN Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:30:58.215Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-3332", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:27:23.606088Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T16:55:10.224Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco RV130W Wireless-N Multifunction VPN Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-07-15T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T17:21:00", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy", }, ], source: { advisory: "cisco-sa-cmd-shell-injection-9jOQn9Dy", defect: [ [ "CSCvs50846", "CSCvs50849", "CSCvs50853", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2020-07-15T16:00:00", ID: "CVE-2020-3332", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco RV130W Wireless-N Multifunction VPN Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "8.1", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78", }, ], }, ], }, references: { reference_data: [ { name: "20200715 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy", }, ], }, source: { advisory: "cisco-sa-cmd-shell-injection-9jOQn9Dy", defect: [ [ "CSCvs50846", "CSCvs50849", "CSCvs50853", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2020-3332", datePublished: "2020-07-16T17:21:00.535701Z", dateReserved: "2019-12-12T00:00:00", dateUpdated: "2024-11-15T16:55:10.224Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1162
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:42
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.848Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1162", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:25.072986Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:42:48.210Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:54", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1162", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1162", datePublished: "2021-01-13T21:36:54.876486Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:42:48.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-1397
Vulnerability from cvelistv5
Published
2016-06-19 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1036115 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:55:14.310Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2", }, { name: "1036115", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036115", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-15T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-31T09:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2", }, { name: "1036115", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036115", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2016-1397", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20160615 Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2", }, { name: "1036115", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036115", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2016-1397", datePublished: "2016-06-19T01:00:00", dateReserved: "2016-01-04T00:00:00", dateUpdated: "2024-08-05T22:55:14.310Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1154
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:41
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.407Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1154", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:53:47.034635Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:41:52.548Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:34", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1154", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], }, source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1154", datePublished: "2021-01-13T21:37:34.474752Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:41:52.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1184
Vulnerability from cvelistv5
Published
2021-01-13 21:21
Modified
2024-11-12 20:46
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1184", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:33:12.492807Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:46:01.867Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:21:22", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1184", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1184", datePublished: "2021-01-13T21:21:22.574184Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:46:01.867Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1151
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:41
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.412Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1151", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:53:14.797503Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:41:30.564Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:48", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1151", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], }, source: { advisory: "cisco-sa-rv-stored-xss-LPTQ3EQC", defect: [ [ "CSCvw07024", "CSCvw07026", "CSCvw07033", "CSCvw07037", "CSCvw07038", "CSCvw07041", "CSCvw07045", "CSCvw07049", "CSCvw08534", "CSCvw08538", "CSCvw08543", "CSCvw08546", "CSCvw08548", "CSCvw08551", "CSCvw08553", "CSCvw08562", "CSCvw08566", "CSCvw08571", "CSCvw08574", "CSCvw08577", "CSCvw08583", "CSCvw08588", "CSCvw08589", "CSCvw08593", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1151", datePublished: "2021-01-13T21:37:48.318298Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:41:30.564Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1213
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:49
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.128Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1213", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:34:50.331477Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:49:17.718Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:16:21", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1213", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1213", datePublished: "2021-01-13T21:16:21.938658Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:49:17.718Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1150
Vulnerability from cvelistv5
Published
2021-01-13 21:37
Modified
2024-11-12 20:41
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:54.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1150", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:07.758273Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:41:22.561Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:37:52", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1150", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], }, source: { advisory: "cisco-sa-rv-command-inject-LBdQ2KRN", defect: [ [ "CSCvv96723", "CSCvv96725", "CSCvv96726", "CSCvv96727", "CSCvw49751", "CSCvw49774", "CSCvw49777", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1150", datePublished: "2021-01-13T21:37:52.866742Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:41:22.561Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1161
Vulnerability from cvelistv5
Published
2021-01-13 21:36
Modified
2024-11-12 20:42
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.430Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1161", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:28:21.333702Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:42:41.518Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:36:59", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1161", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1161", datePublished: "2021-01-13T21:36:59.874796Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:42:41.518Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1199
Vulnerability from cvelistv5
Published
2021-01-13 21:22
Modified
2024-11-12 20:44
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.077Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1199", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:30:51.165282Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:44:26.694Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:22:33", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1199", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1199", datePublished: "2021-01-13T21:22:33.330191Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:44:26.694Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1192
Vulnerability from cvelistv5
Published
2021-01-13 21:21
Modified
2024-11-12 20:45
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.985Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1192", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:31:51.305961Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:45:14.929Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:21:58", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1192", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1192", datePublished: "2021-01-13T21:21:58.659524Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:45:14.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Las vulnerabilidades son debido a una comprobación insuficiente de entrada por parte de la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado.", }, ], id: "CVE-2021-1151", lastModified: "2024-11-21T05:43:42.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.223", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades", }, ], id: "CVE-2021-1211", lastModified: "2024-11-21T05:43:50.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:19.787", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1186", lastModified: "2024-11-21T05:43:46.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.897", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1196", lastModified: "2024-11-21T05:43:48.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.613", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1187", lastModified: "2024-11-21T05:43:46.967", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.973", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Las vulnerabilidades son debido a una comprobación insuficiente de entrada por parte de la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado.", }, ], id: "CVE-2021-1155", lastModified: "2024-11-21T05:43:42.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.553", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto inyectar comandos arbitrarios que son ejecutados con privilegios root. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo apuntado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en un dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1146", lastModified: "2024-11-21T05:43:41.413", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:14.863", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1192", lastModified: "2024-11-21T05:43:47.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.350", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1184", lastModified: "2024-11-21T05:43:46.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.757", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1170", lastModified: "2024-11-21T05:43:44.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.770", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto inyectar comandos arbitrarios que son ejecutados con privilegios root. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo apuntado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en un dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1148", lastModified: "2024-11-21T05:43:41.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.007", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1188", lastModified: "2024-11-21T05:43:47.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.037", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto inyectar comandos arbitrarios que son ejecutados con privilegios root. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo apuntado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en un dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1150", lastModified: "2024-11-21T05:43:41.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.160", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1175", lastModified: "2024-11-21T05:43:45.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.130", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1159", lastModified: "2024-11-21T05:43:43.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.880", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-19 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.0.21:*:*:*:*:*:*:*", matchCriteriaId: "0081BB31-AA51-4E6F-BDC0-62F4E4388F5B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "A9638155-20F1-469E-B13C-2334713B8CAD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "1BAB434B-FADE-40F4-9478-1DC063FE0F2C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "25E45E45-4533-4E9E-B542-606B9EAB3D69", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "58A90A10-CC3F-4743-8FAA-0C8CDCFC1BBD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "89375F30-1ACD-46AF-898F-176546BFF078", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "0A9FB3B1-1669-4B07-849C-7DAF013234F2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "939B5242-6224-4BA7-88CA-467D5350987A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "482ABE1F-7DEF-4E24-9696-8030DAD98598", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E4C8D001-6827-4DB4-AC6D-83365FD622A4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "BF38D8F0-2400-431A-8BFA-48E5D9CB7E33", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "5D0624E0-993B-43AE-9D61-4DCA3E39ADAB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428.", }, { lang: "es", value: "Interfaz de gestión basada en web en dispositivos Cisco RV110W con firmware en versiones anteriores a 1.2.1.7, dispositivos RV130W con firmware en versiones anteriores a 1.0.3.16 y dispositivos RV215W con firmware en versiones anteriores a 1.3.0.8 permite a atacantes remotos ejecutar código arbitrario como root a través de una petición HTTP manipulada, también conocido como Bug ID CSCux82428.", }, ], id: "CVE-2016-1395", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-19T01:59:03.077", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1036113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036113", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1172", lastModified: "2024-11-21T05:43:45.073", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.910", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1171", lastModified: "2024-11-21T05:43:44.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.850", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "DF7B6E7F-355A-4055-8CB0-75CFD0645F73", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AF47C9BB-807F-4432-8EDE-7077123C00D7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1F1E09B2-B5DF-49AE-B4DC-87E161A40700", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7E92AF-4DC3-4756-A123-40094B0FC41F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1217", lastModified: "2024-11-21T05:43:51.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:20.257", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1197", lastModified: "2024-11-21T05:43:48.287", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.693", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1165", lastModified: "2024-11-21T05:43:44.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.380", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1163", lastModified: "2024-11-21T05:43:43.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.193", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto inyectar comandos arbitrarios que son ejecutados con privilegios root. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo apuntado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en un dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1147", lastModified: "2024-11-21T05:43:41.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:14.943", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1208", lastModified: "2024-11-21T05:43:49.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:19.553", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1178", lastModified: "2024-11-21T05:43:45.813", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.350", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1164", lastModified: "2024-11-21T05:43:43.873", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.270", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-18 20:15
Modified
2024-11-21 06:11
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "DF7B6E7F-355A-4055-8CB0-75CFD0645F73", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AF47C9BB-807F-4432-8EDE-7077123C00D7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1F1E09B2-B5DF-49AE-B4DC-87E161A40700", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7E92AF-4DC3-4756-A123-40094B0FC41F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad en el servicio Universal Plug-and-Play (UPnP) de los Routers Cisco Small Business RV110W, RV130, RV130W y RV215W, podría permitir a un atacante no autenticado remoto ejecutar código arbitrario o hacer que un dispositivo afectado se reinicie inesperadamente, resultando en una condición de denegación de servicio (DoS). Esta vulnerabilidad es debido a una comprobación inapropiada del tráfico UPnP entrante. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición UPnP diseñada a un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de DoS. Cisco no ha publicado actualizaciones de software que aborden esta vulnerabilidad.", }, ], id: "CVE-2021-34730", lastModified: "2024-11-21T06:11:04.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-18T20:15:07.447", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1185", lastModified: "2024-11-21T05:43:46.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.833", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 21:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1189", lastModified: "2024-11-21T05:43:47.233", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T21:15:12.723", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-08-08 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CAFE09F-6166-42EC-989A-713011997722", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C35AFC54-7925-48F9-BA4E-9ACF73DC2723", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B912FFCC-F481-4C39-8E05-BD6CC1FA12A1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.", }, { lang: "es", value: "Dispositivos Cisco RV110W, RV130W y RV215W tiene una configuración RBAC incorrecta para la cuenta por defecto, lo que permite a usuarios remotos autenticados obtener acceso root a través de un inicio de sesión con esa cuenta, también conocido como Bug IDs CSCuv90139, CSCux58175 y CSCux73557.", }, ], id: "CVE-2015-6397", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-08-08T00:59:01.267", references: [ { source: "psirt@cisco.com", tags: [ "Mitigation", "VDB Entry", "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2", }, { source: "psirt@cisco.com", url: "http://www.securityfocus.com/bid/92273", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1036524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "VDB Entry", "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92273", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036524", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1199", lastModified: "2024-11-21T05:43:48.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.850", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1162", lastModified: "2024-11-21T05:43:43.587", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.113", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1195", lastModified: "2024-11-21T05:43:48.007", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.553", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades", }, ], id: "CVE-2021-1209", lastModified: "2024-11-21T05:43:50.000", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:19.630", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-08-08 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CAFE09F-6166-42EC-989A-713011997722", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C35AFC54-7925-48F9-BA4E-9ACF73DC2723", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B912FFCC-F481-4C39-8E05-BD6CC1FA12A1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.", }, { lang: "es", value: "El analizador de comandos CLI en dispositivos Cisco RV110W, RV130W y RV215W permite a usuarios locales ejecutar comandos shell arbitrarios como un administrador a través de parámetros manipulados, también conocido como Bug IDs CSCuv90134, CSCux58161 y CSCux73567.", }, ], id: "CVE-2015-6396", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-08-08T00:59:00.140", references: [ { source: "psirt@cisco.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1", }, { source: "psirt@cisco.com", url: "http://www.securityfocus.com/bid/92269", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1036528", }, { source: "psirt@cisco.com", url: "https://www.exploit-db.com/exploits/45986/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92269", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036528", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/45986/", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades", }, ], id: "CVE-2021-1214", lastModified: "2024-11-21T05:43:50.717", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:20.007", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-16 18:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA11233-FA93-4820-871B-FD12C27E8BBD", versionEndExcluding: "1.2.2.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AAF1D812-B3B4-4D59-AFDF-0E4C7095584B", versionEndExcluding: "1.0.3.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3F13CA0-C66C-4BC6-95F2-23F84CAA9B35", versionEndExcluding: "1.0.3.54", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADE7F490-F557-4E7F-BFC0-9C01286585BF", versionEndExcluding: "1.3.1.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Small Busines RV110W, RV130, RV130W y Routers RV215W podría permitir a un atacante remoto no autenticado ejecutar código arbitrario en un dispositivo afectado. La vulnerabilidad es debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones HTTP diseñadas hacia un dispositivo objetivo. Una explotación con éxito podría permitir a un atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente del dispositivo afectado", }, ], id: "CVE-2020-3323", lastModified: "2024-11-21T05:30:48.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T18:15:17.157", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1174", lastModified: "2024-11-21T05:43:45.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.053", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Las vulnerabilidades son debido a una comprobación insuficiente de entrada por parte de la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado.", }, ], id: "CVE-2021-1152", lastModified: "2024-11-21T05:43:42.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.303", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-19 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "25E45E45-4533-4E9E-B542-606B9EAB3D69", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "58A90A10-CC3F-4743-8FAA-0C8CDCFC1BBD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "89375F30-1ACD-46AF-898F-176546BFF078", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "0A9FB3B1-1669-4B07-849C-7DAF013234F2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "939B5242-6224-4BA7-88CA-467D5350987A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "482ABE1F-7DEF-4E24-9696-8030DAD98598", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E4C8D001-6827-4DB4-AC6D-83365FD622A4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "BF38D8F0-2400-431A-8BFA-48E5D9CB7E33", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "5D0624E0-993B-43AE-9D61-4DCA3E39ADAB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.0.21:*:*:*:*:*:*:*", matchCriteriaId: "0081BB31-AA51-4E6F-BDC0-62F4E4388F5B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "A9638155-20F1-469E-B13C-2334713B8CAD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "1BAB434B-FADE-40F4-9478-1DC063FE0F2C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.", }, { lang: "es", value: "Desbordamiento de buffer en la interfaz de gestión basada en web en dispositivos Cisco RV110W con firmware en versiones anteriores a 1.2.1.7, dispositivos RV130W con firmware en versiones anteriores a 1.0.3.16 y dispositivos RV215W con firmware en versiones anteriores a 1.3.0.8 permite a usuarios remotos autenticados provocar una denegación de servicio (recarga del dispositivo) a través de comandos de configuración manipulados en una petición HTTP, también conocido como Bug ID CSCux82523.", }, ], id: "CVE-2016-1397", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-19T01:59:05.107", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1036115", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036115", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Las vulnerabilidades son debido a una comprobación insuficiente de entrada por parte de la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado.", }, ], id: "CVE-2021-1154", lastModified: "2024-11-21T05:43:42.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.473", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades", }, ], id: "CVE-2021-1213", lastModified: "2024-11-21T05:43:50.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:19.927", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades", }, ], id: "CVE-2021-1212", lastModified: "2024-11-21T05:43:50.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:19.863", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1161", lastModified: "2024-11-21T05:43:43.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.037", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-16 18:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA11233-FA93-4820-871B-FD12C27E8BBD", versionEndExcluding: "1.2.2.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADE7F490-F557-4E7F-BFC0-9C01286585BF", versionEndExcluding: "1.3.1.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco RV110W Wireless-N VPN Firewall y Cisco RV215W Wireless-N VPN Router, podría permitir a un atacante remoto no autenticado ejecutar código arbitrario en un dispositivo afectado. La vulnerabilidad es debido a una comprobación inapropiada de los datos de entrada suministrados por un usuario mediante la interfaz de administración basada en web. Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones diseñadas hacia un dispositivo objetivo. Una explotación con éxito podría permitir a un atacante ejecutar código arbitrario con los privilegios del usuario root", }, ], id: "CVE-2020-3331", lastModified: "2024-11-21T05:30:49.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T18:15:17.377", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Las vulnerabilidades son debido a una comprobación insuficiente de entrada por parte de la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado.", }, ], id: "CVE-2021-1157", lastModified: "2024-11-21T05:43:42.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.707", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1166", lastModified: "2024-11-21T05:43:44.160", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.473", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto inyectar comandos arbitrarios que son ejecutados con privilegios root. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo apuntado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en un dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1149", lastModified: "2024-11-21T05:43:41.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.083", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1194", lastModified: "2024-11-21T05:43:47.873", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.490", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Las vulnerabilidades son debido a una comprobación insuficiente de entrada por parte de la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado.", }, ], id: "CVE-2021-1158", lastModified: "2024-11-21T05:43:42.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.803", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1173", lastModified: "2024-11-21T05:43:45.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.990", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades", }, ], id: "CVE-2021-1215", lastModified: "2024-11-21T05:43:50.857", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:20.083", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1193", lastModified: "2024-11-21T05:43:47.743", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.410", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1160", lastModified: "2024-11-21T05:43:43.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.957", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1206", lastModified: "2024-11-21T05:43:49.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:19.380", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-16 18:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FA11233-FA93-4820-871B-FD12C27E8BBD", versionEndExcluding: "1.2.2.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE753751-F569-43C9-A9B8-89C942AF5CC6", versionEndExcluding: "1.0.3.55", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "65A13396-B0C0-4419-AE91-CDD8CD77B6C6", versionEndExcluding: "1.0.3.55", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADE7F490-F557-4E7F-BFC0-9C01286585BF", versionEndExcluding: "1.3.1.7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Small Business RV110W, RV130, RV130W, y RV215W Series Routers, podría permitir a un atacante remoto autenticado inyectar comandos de shell arbitrarios que son ejecutados por un dispositivo afectado. La vulnerabilidad es debido a una comprobación de entrada insuficiente de los datos suministrados por el usuario. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición diseñada a la interfaz de administración basada en web de un dispositivo afectado. Una explotación con éxito podría permitir a un atacante ejecutar comandos o scripts de shell arbitrarios con privilegios root en el dispositivo afectado", }, ], id: "CVE-2020-3332", lastModified: "2024-11-21T05:30:49.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-16T18:15:17.457", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1168", lastModified: "2024-11-21T05:43:44.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.630", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades", }, ], id: "CVE-2021-1210", lastModified: "2024-11-21T05:43:50.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:19.707", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Las vulnerabilidades son debido a una comprobación insuficiente de entrada por parte de la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado.", }, ], id: "CVE-2021-1153", lastModified: "2024-11-21T05:43:42.323", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.397", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto conducir ataques de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Las vulnerabilidades son debido a una comprobación insuficiente de entrada por parte de la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador. Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado.", }, ], id: "CVE-2021-1156", lastModified: "2024-11-21T05:43:42.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:15.630", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-19 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BD30B0C7-E04A-4B05-82D1-9DA487F8639D", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.0.21:*:*:*:*:*:*:*", matchCriteriaId: "0081BB31-AA51-4E6F-BDC0-62F4E4388F5B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "A9638155-20F1-469E-B13C-2334713B8CAD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:1.0.2.7:*:*:*:*:*:*:*", matchCriteriaId: "1BAB434B-FADE-40F4-9478-1DC063FE0F2C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", matchCriteriaId: "CA92B2A4-A9D9-4BF5-A687-848917283E8C", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "482ABE1F-7DEF-4E24-9696-8030DAD98598", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E4C8D001-6827-4DB4-AC6D-83365FD622A4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "BF38D8F0-2400-431A-8BFA-48E5D9CB7E33", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:1.2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "5D0624E0-993B-43AE-9D61-4DCA3E39ADAB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "25E45E45-4533-4E9E-B542-606B9EAB3D69", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "58A90A10-CC3F-4743-8FAA-0C8CDCFC1BBD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "89375F30-1ACD-46AF-898F-176546BFF078", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "0A9FB3B1-1669-4B07-849C-7DAF013234F2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "939B5242-6224-4BA7-88CA-467D5350987A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.", }, { lang: "es", value: "Vulnerabilidad de XSS en la interfaz de gestión basada en web en dispositivos Cisco RV110W con firmware before 1.2.1.7, dispositivos RV130W con firmware en versiones anteriores a 1.0.3.16 y dispositivos RV215W con firmware en versiones anteriores a 1.3.0.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro manipulado, también conocido como Bug ID CSCux82583.", }, ], id: "CVE-2016-1396", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-19T01:59:04.043", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1", }, { source: "psirt@cisco.com", url: "http://www.securitytracker.com/id/1036114", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036114", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en la web de los routers Cisco Small Business RV110W, RV130, RV130W y RV215W podrían permitir a un atacante autenticado y remoto ejecutar un código arbitrario o hacer que un dispositivo afectado se reinicie de forma inesperada. Las vulnerabilidades se deben a una validación inadecuada de los datos suministrados por el usuario en la interfaz de gestión basada en la web. Un atacante podría explotar estas vulnerabilidades enviando peticiones HTTP elaboradas a un dispositivo afectado. Un exploit exitoso podría permitir al atacante ejecutar código arbitrario como usuario raíz en el sistema operativo subyacente o hacer que el dispositivo se recargue, lo que resultaría en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que resuelvan estas vulnerabilidades", }, ], id: "CVE-2021-1169", lastModified: "2024-11-21T05:43:44.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.693", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1198", lastModified: "2024-11-21T05:43:48.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.770", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1207", lastModified: "2024-11-21T05:43:49.703", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:19.457", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades", }, ], id: "CVE-2021-1216", lastModified: "2024-11-21T05:43:50.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:20.177", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1176", lastModified: "2024-11-21T05:43:45.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.207", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.1.7 | |
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "D742A59B-AC7F-4249-AC40-44C63BECC86C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante autenticado remoto ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1167", lastModified: "2024-11-21T05:43:44.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:16.537", references: [ { source: "psirt@cisco.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1177", lastModified: "2024-11-21T05:43:45.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:17.270", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }