Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2021-1188
Vulnerability from cvelistv5
Published
2021-01-13 21:21
Modified
2024-11-12 20:45
Severity ?
EPSS score ?
0.51%
(0.63516)
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:55.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1188", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:32:16.046970Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T20:45:34.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco Small Business RV Series Router Firmware", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-01-13T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T21:21:42", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1188", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1188", datePublished: "2021-01-13T21:21:42.692928Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-12T20:45:34.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-1188\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2021-01-13T22:15:18.037\",\"lastModified\":\"2024-11-21T05:43:47.107\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.\"},{\"lang\":\"es\",\"value\":\"Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF28AEEA-34F1-40F1-ACDC-25FDD56EA282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"818DD411-2312-4BC8-8909-8392B26EDA7B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20E8ECAC-E842-41DB-9612-9374A9648DC2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F1C89A-C44F-4547-967E-918FA10ED8C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCBD42A1-5F35-4052-B528-27EE508FD276\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F04F9D87-B28C-45AE-9AD3-477A1DE65CE6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B0589D7-1930-4A25-A077-BE155D66B2F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE146ECF-BE5C-4CA1-A325-C3402F540FBB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFB84906-A29C-427D-9BE2-D38686E8F86F\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U\", \"name\": \"20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T16:02:55.973Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1188\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T20:32:16.046970Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T20:49:20.155Z\"}}], \"cna\": {\"title\": \"Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities\", \"source\": {\"defect\": [[\"CSCvv65098\", \"CSCvv69398\", \"CSCvv71463\", \"CSCvv71466\", \"CSCvv71467\", \"CSCvv71468\", \"CSCvv79107\", \"CSCvv79109\", \"CSCvv79110\", \"CSCvv96729\", \"CSCvv96730\", \"CSCvv96732\", \"CSCvv96733\", \"CSCvv96738\", \"CSCvv96741\", \"CSCvv96742\", \"CSCvv96747\", \"CSCvv96748\", \"CSCvv96751\", \"CSCvv96755\", \"CSCvv96756\", \"CSCvv96757\", \"CSCvv96758\", \"CSCvv96759\", \"CSCvv96761\", \"CSCvv96762\", \"CSCvv96763\", \"CSCvv96764\", \"CSCvv96765\", \"CSCvv96767\", \"CSCvv96768\", \"CSCvv96771\", \"CSCvv96772\", \"CSCvv96799\", \"CSCvv96800\", \"CSCvv96801\", \"CSCvv96806\", \"CSCvv96807\", \"CSCvv96809\", \"CSCvv96810\", \"CSCvv96811\", \"CSCvv96812\", \"CSCvv96814\", \"CSCvv96817\", \"CSCvv96818\", \"CSCvv96820\", \"CSCvw04678\", \"CSCvw04779\", \"CSCvw04781\", \"CSCvw06813\", \"CSCvw06828\", \"CSCvw06832\", \"CSCvw06841\", \"CSCvw06846\", \"CSCvw06852\", \"CSCvw06860\", \"CSCvw06865\", \"CSCvw06868\", \"CSCvw06873\", \"CSCvw06874\", \"CSCvw06879\", \"CSCvw06880\", \"CSCvw06882\", \"CSCvw06894\", \"CSCvw06900\", \"CSCvw06902\", \"CSCvw06950\", \"CSCvw06958\", \"CSCvw06961\", \"CSCvw06962\", \"CSCvw06967\", \"CSCvw06971\", \"CSCvw06978\", \"CSCvw06981\", \"CSCvw06982\", \"CSCvw06987\", \"CSCvw06991\", \"CSCvw06992\", \"CSCvw06993\", \"CSCvw06998\", \"CSCvw07002\", \"CSCvw10473\", \"CSCvw10484\", \"CSCvw10487\", \"CSCvw49030\", \"CSCvw49034\", \"CSCvw49036\", \"CSCvw76488\", \"CSCvw91642\"]], \"advisory\": \"cisco-sa-rv-overflow-WUnUgv4U\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Small Business RV Series Router Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.\"}], \"datePublic\": \"2021-01-13T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U\", \"name\": \"20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2021-01-13T21:21:42\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.2\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCvv65098\", \"CSCvv69398\", \"CSCvv71463\", \"CSCvv71466\", \"CSCvv71467\", \"CSCvv71468\", \"CSCvv79107\", \"CSCvv79109\", \"CSCvv79110\", \"CSCvv96729\", \"CSCvv96730\", \"CSCvv96732\", \"CSCvv96733\", \"CSCvv96738\", \"CSCvv96741\", \"CSCvv96742\", \"CSCvv96747\", \"CSCvv96748\", \"CSCvv96751\", \"CSCvv96755\", \"CSCvv96756\", \"CSCvv96757\", \"CSCvv96758\", \"CSCvv96759\", \"CSCvv96761\", \"CSCvv96762\", \"CSCvv96763\", \"CSCvv96764\", \"CSCvv96765\", \"CSCvv96767\", \"CSCvv96768\", \"CSCvv96771\", \"CSCvv96772\", \"CSCvv96799\", \"CSCvv96800\", \"CSCvv96801\", \"CSCvv96806\", \"CSCvv96807\", \"CSCvv96809\", \"CSCvv96810\", \"CSCvv96811\", \"CSCvv96812\", \"CSCvv96814\", \"CSCvv96817\", \"CSCvv96818\", \"CSCvv96820\", \"CSCvw04678\", \"CSCvw04779\", \"CSCvw04781\", \"CSCvw06813\", \"CSCvw06828\", \"CSCvw06832\", \"CSCvw06841\", \"CSCvw06846\", \"CSCvw06852\", \"CSCvw06860\", \"CSCvw06865\", \"CSCvw06868\", \"CSCvw06873\", \"CSCvw06874\", \"CSCvw06879\", \"CSCvw06880\", \"CSCvw06882\", \"CSCvw06894\", \"CSCvw06900\", \"CSCvw06902\", \"CSCvw06950\", \"CSCvw06958\", \"CSCvw06961\", \"CSCvw06962\", \"CSCvw06967\", \"CSCvw06971\", \"CSCvw06978\", \"CSCvw06981\", \"CSCvw06982\", \"CSCvw06987\", \"CSCvw06991\", \"CSCvw06992\", \"CSCvw06993\", \"CSCvw06998\", \"CSCvw07002\", \"CSCvw10473\", \"CSCvw10484\", \"CSCvw10487\", \"CSCvw49030\", \"CSCvw49034\", \"CSCvw49036\", \"CSCvw76488\", \"CSCvw91642\"]], \"advisory\": \"cisco-sa-rv-overflow-WUnUgv4U\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco Small Business RV Series Router Firmware\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U\", \"name\": \"20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-121\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-1188\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2021-01-13T16:00:00\"}}}}", cveMetadata: "{\"cveId\": \"CVE-2021-1188\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-12T20:45:34.787Z\", \"dateReserved\": \"2020-11-13T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2021-01-13T21:21:42.692928Z\", \"assignerShortName\": \"cisco\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
var-202101-0832
Vulnerability from variot
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV The router is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Or cause the device to reload. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0832", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "application extension platform", scope: "eq", trust: 1, vendor: "cisco", version: "1.0.3.55", }, { model: "rv130 vpn router", scope: "eq", trust: 1, vendor: "cisco", version: "1.3.1.7", }, { model: "rv130 vpn router", scope: "eq", trust: 1, vendor: "cisco", version: "1.2.2.8", }, { model: "rv130w", scope: "eq", trust: 1, vendor: "cisco", version: "1.3.1.7", }, { model: "rv110w", scope: "eq", trust: 1, vendor: "cisco", version: "1.3.1.7", }, { model: "rv130w", scope: "eq", trust: 1, vendor: "cisco", version: "1.2.2.8", }, { model: "rv110w", scope: "eq", trust: 1, vendor: "cisco", version: "1.2.2.8", }, { model: "rv215w wireless-n vpn router", scope: "eq", trust: 1, vendor: "cisco", version: "1.3.1.7", }, { model: "rv215w wireless-n vpn router", scope: "eq", trust: 1, vendor: "cisco", version: "1.2.2.8", }, { model: "cisco rv130w wireless-n multifunction vpn router", scope: null, trust: 0.8, vendor: "シスコシステムズ", version: null, }, { model: "rv130 vpn router", scope: null, trust: 0.8, vendor: "シスコシステムズ", version: null, }, { model: "cisco rv110w wireless-n vpn firewall", scope: null, trust: 0.8, vendor: "シスコシステムズ", version: null, }, { model: "rv215w wireless-n vpn router", scope: null, trust: 0.8, vendor: "シスコシステムズ", version: null, }, { model: "application extension platform", scope: null, trust: 0.8, vendor: "シスコシステムズ", version: null, }, { model: "rv110w", scope: null, trust: 0.6, vendor: "cisco", version: null, }, { model: "rv130w no", scope: null, trust: 0.6, vendor: "cisco", version: null, }, { model: "rv215w no", scope: null, trust: 0.6, vendor: "cisco", version: null, }, { model: "rv130", scope: null, trust: 0.6, vendor: "cisco", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-41199", }, { db: "JVNDB", id: "JVNDB-2021-002657", }, { db: "NVD", id: "CVE-2021-1188", }, ], }, cve: "CVE-2021-1188", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "CVE-2021-1188", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "CNVD-2021-41199", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "VHN-374242", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.2, id: "CVE-2021-1188", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.2, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2021-1188", impactScore: null, integrityImpact: "High", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-1188", trust: 1, value: "HIGH", }, { author: "ykramarz@cisco.com", id: "CVE-2021-1188", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-1188", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2021-41199", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202101-987", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-374242", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2021-41199", }, { db: "VULHUB", id: "VHN-374242", }, { db: "JVNDB", id: "JVNDB-2021-002657", }, { db: "CNNVD", id: "CNNVD-202101-987", }, { db: "NVD", id: "CVE-2021-1188", }, { db: "NVD", id: "CVE-2021-1188", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. plural Cisco Small Business RV The router is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco RV110W is a Wireless-N VPN firewall, Cisco RV130 is a multifunctional VPN router, Cisco RV130W is a Wireless-N multifunctional VPN router, and Cisco RV215W is a Wireless-N VPN router. Or cause the device to reload. Cisco RV110W, etc. The following products and versions are affected: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers", sources: [ { db: "NVD", id: "CVE-2021-1188", }, { db: "JVNDB", id: "JVNDB-2021-002657", }, { db: "CNVD", id: "CNVD-2021-41199", }, { db: "VULHUB", id: "VHN-374242", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-1188", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2021-002657", trust: 0.8, }, { db: "CNVD", id: "CNVD-2021-41199", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.0232", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.0142", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202101-987", trust: 0.6, }, { db: "VULHUB", id: "VHN-374242", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-41199", }, { db: "VULHUB", id: "VHN-374242", }, { db: "JVNDB", id: "JVNDB-2021-002657", }, { db: "CNNVD", id: "CNNVD-202101-987", }, { db: "NVD", id: "CVE-2021-1188", }, ], }, id: "VAR-202101-0832", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2021-41199", }, { db: "VULHUB", id: "VHN-374242", }, ], trust: 1.4114631585714283, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2021-41199", }, ], }, last_update_date: "2024-11-23T21:34:55.266000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-rv-overflow-WUnUgv4U", trust: 0.8, url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { title: "Patch for Cisco RV110W/RV130/RV130W/RV215W remote command execution and denial of service vulnerability (CNVD-2021-41199)", trust: 0.6, url: "https://www.cnvd.org.cn/patchInfo/show/272436", }, { title: "Multiple Cisco Product Buffer Error Vulnerability Fix", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139521", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-41199", }, { db: "JVNDB", id: "JVNDB-2021-002657", }, { db: "CNNVD", id: "CNNVD-202101-987", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.1, }, { problemtype: "CWE-121", trust: 1, }, { problemtype: "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-374242", }, { db: "JVNDB", id: "JVNDB-2021-002657", }, { db: "NVD", id: "CVE-2021-1188", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.9, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-overflow-wunugv4u", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1188", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.0142/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.0232/", }, ], sources: [ { db: "CNVD", id: "CNVD-2021-41199", }, { db: "VULHUB", id: "VHN-374242", }, { db: "JVNDB", id: "JVNDB-2021-002657", }, { db: "CNNVD", id: "CNNVD-202101-987", }, { db: "NVD", id: "CVE-2021-1188", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2021-41199", }, { db: "VULHUB", id: "VHN-374242", }, { db: "JVNDB", id: "JVNDB-2021-002657", }, { db: "CNNVD", id: "CNNVD-202101-987", }, { db: "NVD", id: "CVE-2021-1188", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-06-13T00:00:00", db: "CNVD", id: "CNVD-2021-41199", }, { date: "2021-01-13T00:00:00", db: "VULHUB", id: "VHN-374242", }, { date: "2021-09-29T00:00:00", db: "JVNDB", id: "JVNDB-2021-002657", }, { date: "2021-01-13T00:00:00", db: "CNNVD", id: "CNNVD-202101-987", }, { date: "2021-01-13T22:15:18.037000", db: "NVD", id: "CVE-2021-1188", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-06-13T00:00:00", db: "CNVD", id: "CNVD-2021-41199", }, { date: "2021-01-15T00:00:00", db: "VULHUB", id: "VHN-374242", }, { date: "2021-09-29T02:01:00", db: "JVNDB", id: "JVNDB-2021-002657", }, { date: "2021-01-21T00:00:00", db: "CNNVD", id: "CNNVD-202101-987", }, { date: "2024-11-21T05:43:47.107000", db: "NVD", id: "CVE-2021-1188", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202101-987", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Cisco Small Business RV Out-of-bounds write vulnerability in routers", sources: [ { db: "JVNDB", id: "JVNDB-2021-002657", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202101-987", }, ], trust: 0.6, }, }
gsd-2021-1188
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-1188", description: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", id: "GSD-2021-1188", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-1188", ], details: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", id: "GSD-2021-1188", modified: "2023-12-13T01:23:23.168849Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-01-13T16:00:00", ID: "CVE-2021-1188", STATE: "PUBLIC", TITLE: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco Small Business RV Series Router Firmware ", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, exploit: [ { lang: "eng", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. ", }, ], impact: { cvss: { baseScore: "7.2", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-121", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, source: { advisory: "cisco-sa-rv-overflow-WUnUgv4U", defect: [ [ "CSCvv65098", "CSCvv69398", "CSCvv71463", "CSCvv71466", "CSCvv71467", "CSCvv71468", "CSCvv79107", "CSCvv79109", "CSCvv79110", "CSCvv96729", "CSCvv96730", "CSCvv96732", "CSCvv96733", "CSCvv96738", "CSCvv96741", "CSCvv96742", "CSCvv96747", "CSCvv96748", "CSCvv96751", "CSCvv96755", "CSCvv96756", "CSCvv96757", "CSCvv96758", "CSCvv96759", "CSCvv96761", "CSCvv96762", "CSCvv96763", "CSCvv96764", "CSCvv96765", "CSCvv96767", "CSCvv96768", "CSCvv96771", "CSCvv96772", "CSCvv96799", "CSCvv96800", "CSCvv96801", "CSCvv96806", "CSCvv96807", "CSCvv96809", "CSCvv96810", "CSCvv96811", "CSCvv96812", "CSCvv96814", "CSCvv96817", "CSCvv96818", "CSCvv96820", "CSCvw04678", "CSCvw04779", "CSCvw04781", "CSCvw06813", "CSCvw06828", "CSCvw06832", "CSCvw06841", "CSCvw06846", "CSCvw06852", "CSCvw06860", "CSCvw06865", "CSCvw06868", "CSCvw06873", "CSCvw06874", "CSCvw06879", "CSCvw06880", "CSCvw06882", "CSCvw06894", "CSCvw06900", "CSCvw06902", "CSCvw06950", "CSCvw06958", "CSCvw06961", "CSCvw06962", "CSCvw06967", "CSCvw06971", "CSCvw06978", "CSCvw06981", "CSCvw06982", "CSCvw06987", "CSCvw06991", "CSCvw06992", "CSCvw06993", "CSCvw06998", "CSCvw07002", "CSCvw10473", "CSCvw10484", "CSCvw10487", "CSCvw49030", "CSCvw49034", "CSCvw49036", "CSCvw76488", "CSCvw91642", ], ], discovery: "INTERNAL", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2021-1188", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "20210113 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", refsource: "CISCO", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, }, }, lastModifiedDate: "2021-01-15T19:54Z", publishedDate: "2021-01-13T22:15Z", }, }, }
cisco-sa-rv-overflow-WUnUgv4U
Vulnerability from csaf_cisco
Published
2021-01-13 16:00
Modified
2021-01-19 16:21
Summary
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities
Notes
Summary
Multiple vulnerabilities in the Universal Plug and Play (UPnP) service and the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow a remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.
For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Vulnerable Products
These vulnerabilities affect the following Cisco Small Business routers:
RV110W Wireless-N VPN Firewall
RV130 VPN Router
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router
The web-based management interface of these devices is available through a local LAN connection, which cannot be disabled, or through the WAN connection if the remote management feature is enabled. By default, the remote management feature is disabled for these devices.
Determine the Device Configuration
To determine whether the remote management feature is enabled for a device, open the web-based management interface and choose Basic Settings > Remote Management. If the Enable box is checked, remote management is enabled for the device.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities.
Details
The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.
Details about the vulnerabilities are as follows.
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers UPnP Remote Command Execution and Denial of Service Vulnerability
A vulnerability in the Universal Plug and Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.
The vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition.
Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvv79107, CSCvv79109, and CSCvv79110
CVE ID: CVE-2021-1164
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker with valid administrator credentials to execute arbitrary code or cause an affected device to restart unexpectedly.
The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Bug ID(s): CSCvv96742, CSCvv96741, CSCvv96738, CSCvv96733, CSCvv96732, CSCvv96729, CSCvv96730, CSCvw10473, CSCvw10487, CSCvw10484, CSCvw04678, CSCvw04779, CSCvw04781, CSCvv96765, CSCvv96767, CSCvv96764, CSCvv96756, CSCvv96755, CSCvv96751, CSCvv96748, CSCvv96747, CSCvv96772, CSCvv96771, CSCvv96768, CSCvv96763, CSCvv96762, CSCvv96761, CSCvv96757, CSCvv96820, CSCvv96758, CSCvv96759, CSCvv96812, CSCvv96814, CSCvv96811, CSCvv96810, CSCvv96809, CSCvv96806, CSCvv96799, CSCvv96800, CSCvv96801, CSCvv96807, CSCvw06978, CSCvw06865, CSCvw06971, CSCvw06860, CSCvw06967, CSCvw06852, CSCvw06962, CSCvw06846, CSCvw06841, CSCvw06961, CSCvw06832, CSCvw06958, CSCvv96817, CSCvv96818, CSCvw06813, CSCvw06902, CSCvw06828, CSCvw06950, CSCvv71466, CSCvv71463, CSCvv69398, CSCvw49030, CSCvw49036, CSCvw49034, CSCvv71467, CSCvv71468, CSCvv65098, CSCvw07002, CSCvw06900, CSCvw06998, CSCvw06894, CSCvw06993, CSCvw06882, CSCvw06868, CSCvw06981, CSCvw06873, CSCvw06982, CSCvw06987, CSCvw06874, CSCvw06879, CSCvw06991, CSCvw06880, CSCvw06992, CSCvw76488, and CSCvw91642
CVE ID(s): CVE-2021-1209, CVE-2021-1207, CVE-2021-1167, CVE-2021-1208, CVE-2021-1360, CVE-2021-1168, CVE-2021-1204, CVE-2021-1173, CVE-2021-1187, CVE-2021-1161, CVE-2021-1198, CVE-2021-1182, CVE-2021-1211, CVE-2021-1163, CVE-2021-1171, CVE-2021-1188, CVE-2021-1189, CVE-2021-1159, CVE-2021-1192, CVE-2021-1184, CVE-2021-1216, CVE-2021-1177, CVE-2021-1210, CVE-2021-1170, CVE-2021-1174, CVE-2021-1200, CVE-2021-1195, CVE-2021-1215, CVE-2021-1205, CVE-2021-1201, CVE-2021-1196, CVE-2021-1175, CVE-2021-1179, CVE-2021-1191, CVE-2021-1169, CVE-2021-1307, CVE-2021-1212, CVE-2021-1180, CVE-2021-1190, CVE-2021-1185, CVE-2021-1176, CVE-2021-1172, CVE-2021-1183, CVE-2021-1166, CVE-2021-1194, CVE-2021-1203, CVE-2021-1206, CVE-2021-1178, CVE-2021-1214, CVE-2021-1217, CVE-2021-1186, CVE-2021-1165, CVE-2021-1197, CVE-2021-1160, CVE-2021-1181, CVE-2021-1162, CVE-2021-1199, CVE-2021-1213, CVE-2021-1193, and CVE-2021-1202
Security Impact Rating (SIR): High
CVSS Base Score: 7.2
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Workarounds
There are no workarounds that address these vulnerabilities.
Fixed Software
Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory. The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products:
End-of-Sale and End-of-Life Announcement for the Cisco Small Business RV Series Routers (selected models) ["https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-742771.pdf"]
Customers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers.
When considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["http://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that new device will be sufficient for their network needs; new devices contain sufficient memory, and current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
Source
Cisco would like to thank the following people for reporting these vulnerabilities:
ADLab of Venustech: CVE-2021-1168, CVE-2021-1197, CVE-2021-1198, CVE-2021-1199, CVE-2021-1200, CVE-2021-1201, CVE-2021-1202, CVE-2021-1205, CVE-2021-1206, CVE-2021-1210, CVE-2021-1211, CVE-2021-1212, CVE-2021-1213, CVE-2021-1214, CVE-2021-1215, CVE-2021-1216, and CVE-2021-1217
Kai Cheng of the Institute of Information Engineering, Chinese Academy of Sciences: CVE-2021-1159, CVE-2021-1160, CVE-2021-1161, CVE-2021-1162, CVE-2021-1163, CVE-2021-1165, CVE-2021-1166, CVE-2021-1169, CVE-2021-1170, CVE-2021-1171, CVE-2021-1172, CVE-2021-1173, CVE-2021-1174, CVE-2021-1175, CVE-2021-1176, CVE-2021-1177, CVE-2021-1178, CVE-2021-1179, CVE-2021-1180, CVE-2021-1181, CVE-2021-1182, CVE-2021-1183, CVE-2021-1184, CVE-2021-1185, CVE-2021-1186, CVE-2021-1187, CVE-2021-1188, CVE-2021-1189, CVE-2021-1190, CVE-2021-1191, CVE-2021-1192, CVE-2021-1193, CVE-2021-1194, CVE-2021-1195, CVE-2021-1196, CVE-2021-1203, and CVE-2021-1204
Shizhi He of Wuhan University: CVE-2021-1167 and CVE-2021-1208
Simp1e of 1AQ Team: CVE-2021-1207, CVE-2021-1209, and CVE-2021-1307
Swings of Chaitin Security Research Lab: CVE-2021-1207, CVE-2021-1209, CVE-2021-1164, and CVE-2021-1307
Treck Zhou and Ares. Pan: CVE-2021-1164 and CVE-2021-1360
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{ document: { acknowledgments: [ { summary: "Cisco would like to thank the following people for reporting these vulnerabilities:\r\n\r\nADLab of Venustech: CVE-2021-1168, CVE-2021-1197, CVE-2021-1198, CVE-2021-1199, CVE-2021-1200, CVE-2021-1201, CVE-2021-1202, CVE-2021-1205, CVE-2021-1206, CVE-2021-1210, CVE-2021-1211, CVE-2021-1212, CVE-2021-1213, CVE-2021-1214, CVE-2021-1215, CVE-2021-1216, and CVE-2021-1217\r\nKai Cheng of the Institute of Information Engineering, Chinese Academy of Sciences: CVE-2021-1159, CVE-2021-1160, CVE-2021-1161, CVE-2021-1162, CVE-2021-1163, CVE-2021-1165, CVE-2021-1166, CVE-2021-1169, CVE-2021-1170, CVE-2021-1171, CVE-2021-1172, CVE-2021-1173, CVE-2021-1174, CVE-2021-1175, CVE-2021-1176, CVE-2021-1177, CVE-2021-1178, CVE-2021-1179, CVE-2021-1180, CVE-2021-1181, CVE-2021-1182, CVE-2021-1183, CVE-2021-1184, CVE-2021-1185, CVE-2021-1186, CVE-2021-1187, CVE-2021-1188, CVE-2021-1189, CVE-2021-1190, CVE-2021-1191, CVE-2021-1192, CVE-2021-1193, CVE-2021-1194, CVE-2021-1195, CVE-2021-1196, CVE-2021-1203, and CVE-2021-1204\r\nShizhi He of Wuhan University: CVE-2021-1167 and CVE-2021-1208\r\nSimp1e of 1AQ Team: CVE-2021-1207, CVE-2021-1209, and CVE-2021-1307\r\nSwings of Chaitin Security Research Lab: CVE-2021-1207, CVE-2021-1209, CVE-2021-1164, and CVE-2021-1307\r\nTreck Zhou and Ares. Pan: CVE-2021-1164 and CVE-2021-1360", }, ], category: "csaf_security_advisory", csaf_version: "2.0", notes: [ { category: "summary", text: "Multiple vulnerabilities in the Universal Plug and Play (UPnP) service and the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow a remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.\r\n\r\nFor more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.\r\n\r\nCisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\n", title: "Summary", }, { category: "general", text: "These vulnerabilities affect the following Cisco Small Business routers:\r\n\r\nRV110W Wireless-N VPN Firewall\r\nRV130 VPN Router\r\nRV130W Wireless-N Multifunction VPN Router\r\nRV215W Wireless-N VPN Router\r\n\r\nThe web-based management interface of these devices is available through a local LAN connection, which cannot be disabled, or through the WAN connection if the remote management feature is enabled. By default, the remote management feature is disabled for these devices.\r\n\r\nDetermine the Device Configuration\r\n\r\nTo determine whether the remote management feature is enabled for a device, open the web-based management interface and choose Basic Settings > Remote Management. If the Enable box is checked, remote management is enabled for the device.", title: "Vulnerable Products", }, { category: "general", text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.", title: "Products Confirmed Not Vulnerable", }, { category: "general", text: "The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.\r\n\r\nDetails about the vulnerabilities are as follows.\r\n\r\nCisco Small Business RV110W, RV130, RV130W, and RV215W Routers UPnP Remote Command Execution and Denial of Service Vulnerability\r\n\r\nA vulnerability in the Universal Plug and Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.\r\n\r\nThe vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition.\r\n\r\nCisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nBug ID(s): CSCvv79107, CSCvv79109, and CSCvv79110\r\nCVE ID: CVE-2021-1164\r\nSecurity Impact Rating (SIR): Critical\r\nCVSS Base Score: 9.8\r\nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\r\n\r\nCisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities\r\n\r\nMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker with valid administrator credentials to execute arbitrary code or cause an affected device to restart unexpectedly.\r\n\r\nThe vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.\r\n\r\nCisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\nBug ID(s): CSCvv96742, CSCvv96741, CSCvv96738, CSCvv96733, CSCvv96732, CSCvv96729, CSCvv96730, CSCvw10473, CSCvw10487, CSCvw10484, CSCvw04678, CSCvw04779, CSCvw04781, CSCvv96765, CSCvv96767, CSCvv96764, CSCvv96756, CSCvv96755, CSCvv96751, CSCvv96748, CSCvv96747, CSCvv96772, CSCvv96771, CSCvv96768, CSCvv96763, CSCvv96762, CSCvv96761, CSCvv96757, CSCvv96820, CSCvv96758, CSCvv96759, CSCvv96812, CSCvv96814, CSCvv96811, CSCvv96810, CSCvv96809, CSCvv96806, CSCvv96799, CSCvv96800, CSCvv96801, CSCvv96807, CSCvw06978, CSCvw06865, CSCvw06971, CSCvw06860, CSCvw06967, CSCvw06852, CSCvw06962, CSCvw06846, CSCvw06841, CSCvw06961, CSCvw06832, CSCvw06958, CSCvv96817, CSCvv96818, CSCvw06813, CSCvw06902, CSCvw06828, CSCvw06950, CSCvv71466, CSCvv71463, CSCvv69398, CSCvw49030, CSCvw49036, CSCvw49034, CSCvv71467, CSCvv71468, CSCvv65098, CSCvw07002, CSCvw06900, CSCvw06998, CSCvw06894, CSCvw06993, CSCvw06882, CSCvw06868, CSCvw06981, CSCvw06873, CSCvw06982, CSCvw06987, CSCvw06874, CSCvw06879, CSCvw06991, CSCvw06880, CSCvw06992, CSCvw76488, and CSCvw91642\r\nCVE ID(s): CVE-2021-1209, CVE-2021-1207, CVE-2021-1167, CVE-2021-1208, CVE-2021-1360, CVE-2021-1168, CVE-2021-1204, CVE-2021-1173, CVE-2021-1187, CVE-2021-1161, CVE-2021-1198, CVE-2021-1182, CVE-2021-1211, CVE-2021-1163, CVE-2021-1171, CVE-2021-1188, CVE-2021-1189, CVE-2021-1159, CVE-2021-1192, CVE-2021-1184, CVE-2021-1216, CVE-2021-1177, CVE-2021-1210, CVE-2021-1170, CVE-2021-1174, CVE-2021-1200, CVE-2021-1195, CVE-2021-1215, CVE-2021-1205, CVE-2021-1201, CVE-2021-1196, CVE-2021-1175, CVE-2021-1179, CVE-2021-1191, CVE-2021-1169, CVE-2021-1307, CVE-2021-1212, CVE-2021-1180, CVE-2021-1190, CVE-2021-1185, CVE-2021-1176, CVE-2021-1172, CVE-2021-1183, CVE-2021-1166, CVE-2021-1194, CVE-2021-1203, CVE-2021-1206, CVE-2021-1178, CVE-2021-1214, CVE-2021-1217, CVE-2021-1186, CVE-2021-1165, CVE-2021-1197, CVE-2021-1160, CVE-2021-1181, CVE-2021-1162, CVE-2021-1199, CVE-2021-1213, CVE-2021-1193, and CVE-2021-1202\r\nSecurity Impact Rating (SIR): High\r\nCVSS Base Score: 7.2\r\nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", title: "Details", }, { category: "general", text: "There are no workarounds that address these vulnerabilities.", title: "Workarounds", }, { category: "general", text: "Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory. The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products:\r\n\r\nEnd-of-Sale and End-of-Life Announcement for the Cisco Small Business RV Series Routers (selected models) [\"https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-742771.pdf\"]\r\n\r\nCustomers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers.\r\n\r\nWhen considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"http://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that new device will be sufficient for their network needs; new devices contain sufficient memory, and current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.", title: "Fixed Software", }, { category: "general", text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", title: "Vulnerability Policy", }, { category: "general", text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", title: "Exploitation and Public Announcements", }, { category: "general", text: "Cisco would like to thank the following people for reporting these vulnerabilities:\r\n\r\nADLab of Venustech: CVE-2021-1168, CVE-2021-1197, CVE-2021-1198, CVE-2021-1199, CVE-2021-1200, CVE-2021-1201, CVE-2021-1202, CVE-2021-1205, CVE-2021-1206, CVE-2021-1210, CVE-2021-1211, CVE-2021-1212, CVE-2021-1213, CVE-2021-1214, CVE-2021-1215, CVE-2021-1216, and CVE-2021-1217\r\nKai Cheng of the Institute of Information Engineering, Chinese Academy of Sciences: CVE-2021-1159, CVE-2021-1160, CVE-2021-1161, CVE-2021-1162, CVE-2021-1163, CVE-2021-1165, CVE-2021-1166, CVE-2021-1169, CVE-2021-1170, CVE-2021-1171, CVE-2021-1172, CVE-2021-1173, CVE-2021-1174, CVE-2021-1175, CVE-2021-1176, CVE-2021-1177, CVE-2021-1178, CVE-2021-1179, CVE-2021-1180, CVE-2021-1181, CVE-2021-1182, CVE-2021-1183, CVE-2021-1184, CVE-2021-1185, CVE-2021-1186, CVE-2021-1187, CVE-2021-1188, CVE-2021-1189, CVE-2021-1190, CVE-2021-1191, CVE-2021-1192, CVE-2021-1193, CVE-2021-1194, CVE-2021-1195, CVE-2021-1196, CVE-2021-1203, and CVE-2021-1204\r\nShizhi He of Wuhan University: CVE-2021-1167 and CVE-2021-1208\r\nSimp1e of 1AQ Team: CVE-2021-1207, CVE-2021-1209, and CVE-2021-1307\r\nSwings of Chaitin Security Research Lab: CVE-2021-1207, CVE-2021-1209, CVE-2021-1164, and CVE-2021-1307\r\nTreck Zhou and Ares. Pan: CVE-2021-1164 and CVE-2021-1360", title: "Source", }, { category: "legal_disclaimer", text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", title: "Legal Disclaimer", }, ], publisher: { category: "vendor", contact_details: "psirt@cisco.com", issuing_authority: "Cisco PSIRT", name: "Cisco", namespace: "https://wwww.cisco.com", }, references: [ { category: "self", summary: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { category: "external", summary: "Cisco Security Vulnerability Policy", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", }, { category: "external", summary: "End-of-Sale and End-of-Life Announcement for the Cisco Small Business RV Series Routers (selected models)", url: "https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-742771.pdf", }, { category: "external", summary: "Cisco Security Advisories and Alerts page", url: "http://www.cisco.com/go/psirt", }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities", tracking: { current_release_date: "2021-01-19T16:21:32+00:00", generator: { date: "2024-05-10T22:57:30+00:00", engine: { name: "TVCE", }, }, id: "cisco-sa-rv-overflow-WUnUgv4U", initial_release_date: "2021-01-13T16:00:00+00:00", revision_history: [ { date: "2021-01-13T15:40:36+00:00", number: "1.0.0", summary: "Initial public release.", }, { date: "2021-01-14T15:33:52+00:00", number: "1.1.0", summary: "Updated external researcher information.", }, { date: "2021-01-19T16:21:32+00:00", number: "2.0.0", summary: "Changed advisory SIR from High to Critical. Updated the advisory title. Added a Details section. Changed the description and updated the CVSS score and SIR for CVE-2021-1164.", }, ], status: "final", version: "2.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_family", name: "Cisco Small Business RV Series Router Firmware", product: { name: "Cisco Small Business RV Series Router Firmware ", product_id: "CSAFPID-183630", }, }, ], category: "vendor", name: "Cisco", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1209", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv71468", }, { system_name: "Cisco Bug ID", text: "CSCvv65098", }, { system_name: "Cisco Bug ID", text: "CSCvv71467", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1207", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv71466", }, { system_name: "Cisco Bug ID", text: "CSCvv69398", }, { system_name: "Cisco Bug ID", text: "CSCvv71463", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1208", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw49034", }, { system_name: "Cisco Bug ID", text: "CSCvw49030", }, { system_name: "Cisco Bug ID", text: "CSCvw49036", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1168", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw04779", }, { system_name: "Cisco Bug ID", text: "CSCvw04678", }, { system_name: "Cisco Bug ID", text: "CSCvw04781", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1204", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96818", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1187", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96812", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1198", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06860", }, { system_name: "Cisco Bug ID", text: "CSCvw06971", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1182", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96761", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1211", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06894", }, { system_name: "Cisco Bug ID", text: "CSCvw06998", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1163", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96732", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1171", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96764", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1164", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv79107", }, { system_name: "Cisco Bug ID", text: "CSCvv79109", }, { system_name: "Cisco Bug ID", text: "CSCvv79110", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers UPNP Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1188", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96814", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1189", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96811", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1159", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96742", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1192", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96806", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1184", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96820", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1216", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06879", }, { system_name: "Cisco Bug ID", text: "CSCvw06991", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1177", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96772", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1210", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06900", }, { system_name: "Cisco Bug ID", text: "CSCvw07002", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1170", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96767", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1174", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96751", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1200", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06846", }, { system_name: "Cisco Bug ID", text: "CSCvw06962", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1195", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96801", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1215", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06874", }, { system_name: "Cisco Bug ID", text: "CSCvw06987", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1205", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06813", }, { system_name: "Cisco Bug ID", text: "CSCvw06902", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1201", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06841", }, { system_name: "Cisco Bug ID", text: "CSCvw06961", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1196", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96807", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1175", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96748", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1179", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96768", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1191", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96809", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1169", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96765", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1212", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06882", }, { system_name: "Cisco Bug ID", text: "CSCvw06993", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1180", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96763", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1190", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96810", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1185", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96758", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1176", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96747", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1172", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96756", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1183", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96757", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1166", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96730", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1194", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96800", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1203", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96817", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1206", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06828", }, { system_name: "Cisco Bug ID", text: "CSCvw06950", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1178", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96771", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1214", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06873", }, { system_name: "Cisco Bug ID", text: "CSCvw06982", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1217", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06880", }, { system_name: "Cisco Bug ID", text: "CSCvw06992", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1186", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96759", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1165", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96729", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1197", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06865", }, { system_name: "Cisco Bug ID", text: "CSCvw06978", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1160", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96741", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1181", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96762", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1162", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96733", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1199", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06852", }, { system_name: "Cisco Bug ID", text: "CSCvw06967", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1213", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06868", }, { system_name: "Cisco Bug ID", text: "CSCvw06981", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1193", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96799", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1202", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06832", }, { system_name: "Cisco Bug ID", text: "CSCvw06958", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1167", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw10484", }, { system_name: "Cisco Bug ID", text: "CSCvw10473", }, { system_name: "Cisco Bug ID", text: "CSCvw10487", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1360", notes: [ { category: "other", text: "Not available.", title: "Affected Product Comprehensiveness", }, ], release_date: "2021-01-13T16:00:00+00:00", title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, { cve: "CVE-2021-1173", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96755", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1161", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96738", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1307", notes: [ { category: "other", text: "Not available.", title: "Affected Product Comprehensiveness", }, ], release_date: "2021-01-13T16:00:00+00:00", title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, ], }
cisco-sa-rv-overflow-wunugv4u
Vulnerability from csaf_cisco
Published
2021-01-13 16:00
Modified
2021-01-19 16:21
Summary
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities
Notes
Summary
Multiple vulnerabilities in the Universal Plug and Play (UPnP) service and the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow a remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.
For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.
Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Vulnerable Products
These vulnerabilities affect the following Cisco Small Business routers:
RV110W Wireless-N VPN Firewall
RV130 VPN Router
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router
The web-based management interface of these devices is available through a local LAN connection, which cannot be disabled, or through the WAN connection if the remote management feature is enabled. By default, the remote management feature is disabled for these devices.
Determine the Device Configuration
To determine whether the remote management feature is enabled for a device, open the web-based management interface and choose Basic Settings > Remote Management. If the Enable box is checked, remote management is enabled for the device.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities.
Details
The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.
Details about the vulnerabilities are as follows.
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers UPnP Remote Command Execution and Denial of Service Vulnerability
A vulnerability in the Universal Plug and Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.
The vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition.
Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCvv79107, CSCvv79109, and CSCvv79110
CVE ID: CVE-2021-1164
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker with valid administrator credentials to execute arbitrary code or cause an affected device to restart unexpectedly.
The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Bug ID(s): CSCvv96742, CSCvv96741, CSCvv96738, CSCvv96733, CSCvv96732, CSCvv96729, CSCvv96730, CSCvw10473, CSCvw10487, CSCvw10484, CSCvw04678, CSCvw04779, CSCvw04781, CSCvv96765, CSCvv96767, CSCvv96764, CSCvv96756, CSCvv96755, CSCvv96751, CSCvv96748, CSCvv96747, CSCvv96772, CSCvv96771, CSCvv96768, CSCvv96763, CSCvv96762, CSCvv96761, CSCvv96757, CSCvv96820, CSCvv96758, CSCvv96759, CSCvv96812, CSCvv96814, CSCvv96811, CSCvv96810, CSCvv96809, CSCvv96806, CSCvv96799, CSCvv96800, CSCvv96801, CSCvv96807, CSCvw06978, CSCvw06865, CSCvw06971, CSCvw06860, CSCvw06967, CSCvw06852, CSCvw06962, CSCvw06846, CSCvw06841, CSCvw06961, CSCvw06832, CSCvw06958, CSCvv96817, CSCvv96818, CSCvw06813, CSCvw06902, CSCvw06828, CSCvw06950, CSCvv71466, CSCvv71463, CSCvv69398, CSCvw49030, CSCvw49036, CSCvw49034, CSCvv71467, CSCvv71468, CSCvv65098, CSCvw07002, CSCvw06900, CSCvw06998, CSCvw06894, CSCvw06993, CSCvw06882, CSCvw06868, CSCvw06981, CSCvw06873, CSCvw06982, CSCvw06987, CSCvw06874, CSCvw06879, CSCvw06991, CSCvw06880, CSCvw06992, CSCvw76488, and CSCvw91642
CVE ID(s): CVE-2021-1209, CVE-2021-1207, CVE-2021-1167, CVE-2021-1208, CVE-2021-1360, CVE-2021-1168, CVE-2021-1204, CVE-2021-1173, CVE-2021-1187, CVE-2021-1161, CVE-2021-1198, CVE-2021-1182, CVE-2021-1211, CVE-2021-1163, CVE-2021-1171, CVE-2021-1188, CVE-2021-1189, CVE-2021-1159, CVE-2021-1192, CVE-2021-1184, CVE-2021-1216, CVE-2021-1177, CVE-2021-1210, CVE-2021-1170, CVE-2021-1174, CVE-2021-1200, CVE-2021-1195, CVE-2021-1215, CVE-2021-1205, CVE-2021-1201, CVE-2021-1196, CVE-2021-1175, CVE-2021-1179, CVE-2021-1191, CVE-2021-1169, CVE-2021-1307, CVE-2021-1212, CVE-2021-1180, CVE-2021-1190, CVE-2021-1185, CVE-2021-1176, CVE-2021-1172, CVE-2021-1183, CVE-2021-1166, CVE-2021-1194, CVE-2021-1203, CVE-2021-1206, CVE-2021-1178, CVE-2021-1214, CVE-2021-1217, CVE-2021-1186, CVE-2021-1165, CVE-2021-1197, CVE-2021-1160, CVE-2021-1181, CVE-2021-1162, CVE-2021-1199, CVE-2021-1213, CVE-2021-1193, and CVE-2021-1202
Security Impact Rating (SIR): High
CVSS Base Score: 7.2
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Workarounds
There are no workarounds that address these vulnerabilities.
Fixed Software
Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory. The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products:
End-of-Sale and End-of-Life Announcement for the Cisco Small Business RV Series Routers (selected models) ["https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-742771.pdf"]
Customers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers.
When considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["http://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that new device will be sufficient for their network needs; new devices contain sufficient memory, and current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
Source
Cisco would like to thank the following people for reporting these vulnerabilities:
ADLab of Venustech: CVE-2021-1168, CVE-2021-1197, CVE-2021-1198, CVE-2021-1199, CVE-2021-1200, CVE-2021-1201, CVE-2021-1202, CVE-2021-1205, CVE-2021-1206, CVE-2021-1210, CVE-2021-1211, CVE-2021-1212, CVE-2021-1213, CVE-2021-1214, CVE-2021-1215, CVE-2021-1216, and CVE-2021-1217
Kai Cheng of the Institute of Information Engineering, Chinese Academy of Sciences: CVE-2021-1159, CVE-2021-1160, CVE-2021-1161, CVE-2021-1162, CVE-2021-1163, CVE-2021-1165, CVE-2021-1166, CVE-2021-1169, CVE-2021-1170, CVE-2021-1171, CVE-2021-1172, CVE-2021-1173, CVE-2021-1174, CVE-2021-1175, CVE-2021-1176, CVE-2021-1177, CVE-2021-1178, CVE-2021-1179, CVE-2021-1180, CVE-2021-1181, CVE-2021-1182, CVE-2021-1183, CVE-2021-1184, CVE-2021-1185, CVE-2021-1186, CVE-2021-1187, CVE-2021-1188, CVE-2021-1189, CVE-2021-1190, CVE-2021-1191, CVE-2021-1192, CVE-2021-1193, CVE-2021-1194, CVE-2021-1195, CVE-2021-1196, CVE-2021-1203, and CVE-2021-1204
Shizhi He of Wuhan University: CVE-2021-1167 and CVE-2021-1208
Simp1e of 1AQ Team: CVE-2021-1207, CVE-2021-1209, and CVE-2021-1307
Swings of Chaitin Security Research Lab: CVE-2021-1207, CVE-2021-1209, CVE-2021-1164, and CVE-2021-1307
Treck Zhou and Ares. Pan: CVE-2021-1164 and CVE-2021-1360
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{ document: { acknowledgments: [ { summary: "Cisco would like to thank the following people for reporting these vulnerabilities:\r\n\r\nADLab of Venustech: CVE-2021-1168, CVE-2021-1197, CVE-2021-1198, CVE-2021-1199, CVE-2021-1200, CVE-2021-1201, CVE-2021-1202, CVE-2021-1205, CVE-2021-1206, CVE-2021-1210, CVE-2021-1211, CVE-2021-1212, CVE-2021-1213, CVE-2021-1214, CVE-2021-1215, CVE-2021-1216, and CVE-2021-1217\r\nKai Cheng of the Institute of Information Engineering, Chinese Academy of Sciences: CVE-2021-1159, CVE-2021-1160, CVE-2021-1161, CVE-2021-1162, CVE-2021-1163, CVE-2021-1165, CVE-2021-1166, CVE-2021-1169, CVE-2021-1170, CVE-2021-1171, CVE-2021-1172, CVE-2021-1173, CVE-2021-1174, CVE-2021-1175, CVE-2021-1176, CVE-2021-1177, CVE-2021-1178, CVE-2021-1179, CVE-2021-1180, CVE-2021-1181, CVE-2021-1182, CVE-2021-1183, CVE-2021-1184, CVE-2021-1185, CVE-2021-1186, CVE-2021-1187, CVE-2021-1188, CVE-2021-1189, CVE-2021-1190, CVE-2021-1191, CVE-2021-1192, CVE-2021-1193, CVE-2021-1194, CVE-2021-1195, CVE-2021-1196, CVE-2021-1203, and CVE-2021-1204\r\nShizhi He of Wuhan University: CVE-2021-1167 and CVE-2021-1208\r\nSimp1e of 1AQ Team: CVE-2021-1207, CVE-2021-1209, and CVE-2021-1307\r\nSwings of Chaitin Security Research Lab: CVE-2021-1207, CVE-2021-1209, CVE-2021-1164, and CVE-2021-1307\r\nTreck Zhou and Ares. Pan: CVE-2021-1164 and CVE-2021-1360", }, ], category: "csaf_security_advisory", csaf_version: "2.0", notes: [ { category: "summary", text: "Multiple vulnerabilities in the Universal Plug and Play (UPnP) service and the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow a remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.\r\n\r\nFor more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.\r\n\r\nCisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\n", title: "Summary", }, { category: "general", text: "These vulnerabilities affect the following Cisco Small Business routers:\r\n\r\nRV110W Wireless-N VPN Firewall\r\nRV130 VPN Router\r\nRV130W Wireless-N Multifunction VPN Router\r\nRV215W Wireless-N VPN Router\r\n\r\nThe web-based management interface of these devices is available through a local LAN connection, which cannot be disabled, or through the WAN connection if the remote management feature is enabled. By default, the remote management feature is disabled for these devices.\r\n\r\nDetermine the Device Configuration\r\n\r\nTo determine whether the remote management feature is enabled for a device, open the web-based management interface and choose Basic Settings > Remote Management. If the Enable box is checked, remote management is enabled for the device.", title: "Vulnerable Products", }, { category: "general", text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.", title: "Products Confirmed Not Vulnerable", }, { category: "general", text: "The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.\r\n\r\nDetails about the vulnerabilities are as follows.\r\n\r\nCisco Small Business RV110W, RV130, RV130W, and RV215W Routers UPnP Remote Command Execution and Denial of Service Vulnerability\r\n\r\nA vulnerability in the Universal Plug and Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.\r\n\r\nThe vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition.\r\n\r\nCisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nBug ID(s): CSCvv79107, CSCvv79109, and CSCvv79110\r\nCVE ID: CVE-2021-1164\r\nSecurity Impact Rating (SIR): Critical\r\nCVSS Base Score: 9.8\r\nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\r\n\r\nCisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities\r\n\r\nMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker with valid administrator credentials to execute arbitrary code or cause an affected device to restart unexpectedly.\r\n\r\nThe vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.\r\n\r\nCisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\nBug ID(s): CSCvv96742, CSCvv96741, CSCvv96738, CSCvv96733, CSCvv96732, CSCvv96729, CSCvv96730, CSCvw10473, CSCvw10487, CSCvw10484, CSCvw04678, CSCvw04779, CSCvw04781, CSCvv96765, CSCvv96767, CSCvv96764, CSCvv96756, CSCvv96755, CSCvv96751, CSCvv96748, CSCvv96747, CSCvv96772, CSCvv96771, CSCvv96768, CSCvv96763, CSCvv96762, CSCvv96761, CSCvv96757, CSCvv96820, CSCvv96758, CSCvv96759, CSCvv96812, CSCvv96814, CSCvv96811, CSCvv96810, CSCvv96809, CSCvv96806, CSCvv96799, CSCvv96800, CSCvv96801, CSCvv96807, CSCvw06978, CSCvw06865, CSCvw06971, CSCvw06860, CSCvw06967, CSCvw06852, CSCvw06962, CSCvw06846, CSCvw06841, CSCvw06961, CSCvw06832, CSCvw06958, CSCvv96817, CSCvv96818, CSCvw06813, CSCvw06902, CSCvw06828, CSCvw06950, CSCvv71466, CSCvv71463, CSCvv69398, CSCvw49030, CSCvw49036, CSCvw49034, CSCvv71467, CSCvv71468, CSCvv65098, CSCvw07002, CSCvw06900, CSCvw06998, CSCvw06894, CSCvw06993, CSCvw06882, CSCvw06868, CSCvw06981, CSCvw06873, CSCvw06982, CSCvw06987, CSCvw06874, CSCvw06879, CSCvw06991, CSCvw06880, CSCvw06992, CSCvw76488, and CSCvw91642\r\nCVE ID(s): CVE-2021-1209, CVE-2021-1207, CVE-2021-1167, CVE-2021-1208, CVE-2021-1360, CVE-2021-1168, CVE-2021-1204, CVE-2021-1173, CVE-2021-1187, CVE-2021-1161, CVE-2021-1198, CVE-2021-1182, CVE-2021-1211, CVE-2021-1163, CVE-2021-1171, CVE-2021-1188, CVE-2021-1189, CVE-2021-1159, CVE-2021-1192, CVE-2021-1184, CVE-2021-1216, CVE-2021-1177, CVE-2021-1210, CVE-2021-1170, CVE-2021-1174, CVE-2021-1200, CVE-2021-1195, CVE-2021-1215, CVE-2021-1205, CVE-2021-1201, CVE-2021-1196, CVE-2021-1175, CVE-2021-1179, CVE-2021-1191, CVE-2021-1169, CVE-2021-1307, CVE-2021-1212, CVE-2021-1180, CVE-2021-1190, CVE-2021-1185, CVE-2021-1176, CVE-2021-1172, CVE-2021-1183, CVE-2021-1166, CVE-2021-1194, CVE-2021-1203, CVE-2021-1206, CVE-2021-1178, CVE-2021-1214, CVE-2021-1217, CVE-2021-1186, CVE-2021-1165, CVE-2021-1197, CVE-2021-1160, CVE-2021-1181, CVE-2021-1162, CVE-2021-1199, CVE-2021-1213, CVE-2021-1193, and CVE-2021-1202\r\nSecurity Impact Rating (SIR): High\r\nCVSS Base Score: 7.2\r\nCVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", title: "Details", }, { category: "general", text: "There are no workarounds that address these vulnerabilities.", title: "Workarounds", }, { category: "general", text: "Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory. The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products:\r\n\r\nEnd-of-Sale and End-of-Life Announcement for the Cisco Small Business RV Series Routers (selected models) [\"https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-742771.pdf\"]\r\n\r\nCustomers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers.\r\n\r\nWhen considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"http://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that new device will be sufficient for their network needs; new devices contain sufficient memory, and current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.", title: "Fixed Software", }, { category: "general", text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", title: "Vulnerability Policy", }, { category: "general", text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.", title: "Exploitation and Public Announcements", }, { category: "general", text: "Cisco would like to thank the following people for reporting these vulnerabilities:\r\n\r\nADLab of Venustech: CVE-2021-1168, CVE-2021-1197, CVE-2021-1198, CVE-2021-1199, CVE-2021-1200, CVE-2021-1201, CVE-2021-1202, CVE-2021-1205, CVE-2021-1206, CVE-2021-1210, CVE-2021-1211, CVE-2021-1212, CVE-2021-1213, CVE-2021-1214, CVE-2021-1215, CVE-2021-1216, and CVE-2021-1217\r\nKai Cheng of the Institute of Information Engineering, Chinese Academy of Sciences: CVE-2021-1159, CVE-2021-1160, CVE-2021-1161, CVE-2021-1162, CVE-2021-1163, CVE-2021-1165, CVE-2021-1166, CVE-2021-1169, CVE-2021-1170, CVE-2021-1171, CVE-2021-1172, CVE-2021-1173, CVE-2021-1174, CVE-2021-1175, CVE-2021-1176, CVE-2021-1177, CVE-2021-1178, CVE-2021-1179, CVE-2021-1180, CVE-2021-1181, CVE-2021-1182, CVE-2021-1183, CVE-2021-1184, CVE-2021-1185, CVE-2021-1186, CVE-2021-1187, CVE-2021-1188, CVE-2021-1189, CVE-2021-1190, CVE-2021-1191, CVE-2021-1192, CVE-2021-1193, CVE-2021-1194, CVE-2021-1195, CVE-2021-1196, CVE-2021-1203, and CVE-2021-1204\r\nShizhi He of Wuhan University: CVE-2021-1167 and CVE-2021-1208\r\nSimp1e of 1AQ Team: CVE-2021-1207, CVE-2021-1209, and CVE-2021-1307\r\nSwings of Chaitin Security Research Lab: CVE-2021-1207, CVE-2021-1209, CVE-2021-1164, and CVE-2021-1307\r\nTreck Zhou and Ares. Pan: CVE-2021-1164 and CVE-2021-1360", title: "Source", }, { category: "legal_disclaimer", text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", title: "Legal Disclaimer", }, ], publisher: { category: "vendor", contact_details: "psirt@cisco.com", issuing_authority: "Cisco PSIRT", name: "Cisco", namespace: "https://wwww.cisco.com", }, references: [ { category: "self", summary: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { category: "external", summary: "Cisco Security Vulnerability Policy", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", }, { category: "external", summary: "End-of-Sale and End-of-Life Announcement for the Cisco Small Business RV Series Routers (selected models)", url: "https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-742771.pdf", }, { category: "external", summary: "Cisco Security Advisories and Alerts page", url: "http://www.cisco.com/go/psirt", }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities", tracking: { current_release_date: "2021-01-19T16:21:32+00:00", generator: { date: "2024-05-10T22:57:30+00:00", engine: { name: "TVCE", }, }, id: "cisco-sa-rv-overflow-WUnUgv4U", initial_release_date: "2021-01-13T16:00:00+00:00", revision_history: [ { date: "2021-01-13T15:40:36+00:00", number: "1.0.0", summary: "Initial public release.", }, { date: "2021-01-14T15:33:52+00:00", number: "1.1.0", summary: "Updated external researcher information.", }, { date: "2021-01-19T16:21:32+00:00", number: "2.0.0", summary: "Changed advisory SIR from High to Critical. Updated the advisory title. Added a Details section. Changed the description and updated the CVSS score and SIR for CVE-2021-1164.", }, ], status: "final", version: "2.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_family", name: "Cisco Small Business RV Series Router Firmware", product: { name: "Cisco Small Business RV Series Router Firmware ", product_id: "CSAFPID-183630", }, }, ], category: "vendor", name: "Cisco", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1209", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv71468", }, { system_name: "Cisco Bug ID", text: "CSCvv65098", }, { system_name: "Cisco Bug ID", text: "CSCvv71467", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1207", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv71466", }, { system_name: "Cisco Bug ID", text: "CSCvv69398", }, { system_name: "Cisco Bug ID", text: "CSCvv71463", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1208", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw49034", }, { system_name: "Cisco Bug ID", text: "CSCvw49030", }, { system_name: "Cisco Bug ID", text: "CSCvw49036", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1168", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw04779", }, { system_name: "Cisco Bug ID", text: "CSCvw04678", }, { system_name: "Cisco Bug ID", text: "CSCvw04781", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1204", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96818", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1187", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96812", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1198", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06860", }, { system_name: "Cisco Bug ID", text: "CSCvw06971", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1182", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96761", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1211", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06894", }, { system_name: "Cisco Bug ID", text: "CSCvw06998", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1163", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96732", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1171", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96764", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1164", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv79107", }, { system_name: "Cisco Bug ID", text: "CSCvv79109", }, { system_name: "Cisco Bug ID", text: "CSCvv79110", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers UPNP Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1188", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96814", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1189", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96811", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1159", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96742", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1192", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96806", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1184", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96820", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1216", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06879", }, { system_name: "Cisco Bug ID", text: "CSCvw06991", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1177", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96772", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1210", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06900", }, { system_name: "Cisco Bug ID", text: "CSCvw07002", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1170", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96767", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1174", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96751", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1200", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06846", }, { system_name: "Cisco Bug ID", text: "CSCvw06962", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1195", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96801", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1215", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06874", }, { system_name: "Cisco Bug ID", text: "CSCvw06987", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1205", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06813", }, { system_name: "Cisco Bug ID", text: "CSCvw06902", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1201", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06841", }, { system_name: "Cisco Bug ID", text: "CSCvw06961", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1196", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96807", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1175", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96748", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1179", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96768", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1191", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96809", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1169", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96765", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1212", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06882", }, { system_name: "Cisco Bug ID", text: "CSCvw06993", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1180", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96763", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1190", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96810", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1185", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96758", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1176", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96747", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1172", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96756", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1183", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96757", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1166", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96730", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1194", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96800", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1203", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96817", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1206", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06828", }, { system_name: "Cisco Bug ID", text: "CSCvw06950", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1178", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96771", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1214", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06873", }, { system_name: "Cisco Bug ID", text: "CSCvw06982", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1217", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06880", }, { system_name: "Cisco Bug ID", text: "CSCvw06992", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1186", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96759", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1165", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96729", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1197", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06865", }, { system_name: "Cisco Bug ID", text: "CSCvw06978", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1160", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96741", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1181", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96762", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1162", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96733", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1199", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06852", }, { system_name: "Cisco Bug ID", text: "CSCvw06967", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1213", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06868", }, { system_name: "Cisco Bug ID", text: "CSCvw06981", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1193", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96799", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1202", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw06832", }, { system_name: "Cisco Bug ID", text: "CSCvw06958", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1167", ids: [ { system_name: "Cisco Bug ID", text: "CSCvw10484", }, { system_name: "Cisco Bug ID", text: "CSCvw10473", }, { system_name: "Cisco Bug ID", text: "CSCvw10487", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1360", notes: [ { category: "other", text: "Not available.", title: "Affected Product Comprehensiveness", }, ], release_date: "2021-01-13T16:00:00+00:00", title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", }, { cve: "CVE-2021-1173", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96755", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1161", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv96738", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-183630", ], }, release_date: "2021-01-13T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-183630", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-183630", ], }, ], title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, { cve: "CVE-2021-1307", notes: [ { category: "other", text: "Not available.", title: "Affected Product Comprehensiveness", }, ], release_date: "2021-01-13T16:00:00+00:00", title: "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", }, ], }
fkie_cve-2021-1188
Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv110w_firmware | 1.2.2.8 | |
| cisco | rv110w_firmware | 1.3.1.7 | |
| cisco | rv110w | - | |
| cisco | rv130_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv130_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv130_vpn_router | - | |
| cisco | rv130w_firmware | 1.2.2.8 | |
| cisco | rv130w_firmware | 1.3.1.7 | |
| cisco | rv130w | - | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.2.2.8 | |
| cisco | rv215w_wireless-n_vpn_router_firmware | 1.3.1.7 | |
| cisco | rv215w_wireless-n_vpn_router | - | |
| cisco | application_extension_platform | 1.0.3.55 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FF28AEEA-34F1-40F1-ACDC-25FDD56EA282", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "818DD411-2312-4BC8-8909-8392B26EDA7B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*", matchCriteriaId: "20E8ECAC-E842-41DB-9612-9374A9648DC2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "ABA0B7A6-EAE1-4BE8-BE63-2EAE0B3A388E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F3F1C89A-C44F-4547-967E-918FA10ED8C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "DCBD42A1-5F35-4052-B528-27EE508FD276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "AB9EA4F1-ED61-4ED1-8678-1F6BD75007E8", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "F04F9D87-B28C-45AE-9AD3-477A1DE65CE6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*", matchCriteriaId: "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0B0589D7-1930-4A25-A077-BE155D66B2F6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "0E0A1ADE-2C39-45F9-BCFE-0A6EF3FB8197", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", matchCriteriaId: "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", matchCriteriaId: "BFB84906-A29C-427D-9BE2-D38686E8F86F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", }, { lang: "es", value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco Small Business RV110W, RV130, RV130W, y RV215W, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario o causar que un dispositivo afectado se reinicie inesperadamente. Las vulnerabilidades son debido a una comprobación inapropiada de la entrada suministrada por el usuario en la interfaz de administración basada en web. Un atacante podría explotar estas vulnerabilidades mediante el envío de peticiones HTTP diseñadas hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condición de denegación de servicio (DoS). Para explotar estas vulnerabilidades, un atacante necesitaría tener credenciales de administrador válidas en el dispositivo afectado. Cisco no ha publicado actualizaciones de software que aborden estas vulnerabilidades.", }, ], id: "CVE-2021-1188", lastModified: "2024-11-21T05:43:47.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-13T22:15:18.037", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-37cv-ggq7-j55v
Vulnerability from github
Published
2022-05-24 17:39
Modified
2022-05-24 17:39
Details
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
{ affected: [], aliases: [ "CVE-2021-1188", ], database_specific: { cwe_ids: [ "CWE-787", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2021-01-13T22:15:00Z", severity: "HIGH", }, details: "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", id: "GHSA-37cv-ggq7-j55v", modified: "2022-05-24T17:39:06Z", published: "2022-05-24T17:39:06Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-1188", }, { type: "WEB", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", }, ], schema_version: "1.4.0", severity: [], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.