PT-2021-1932 · Cisco · Cisco Small Business Rv160+4

T. Shiomitsu

Published

2021-02-03

Updated

2021-02-08

CVE-2021-1291

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers (affected versions not specified)

Description The issue exists in the web-based management interface of the affected devices due to improper validation of HTTP requests. An unauthenticated, remote attacker could exploit this by sending a crafted HTTP request to the interface, potentially allowing the execution of arbitrary code as the root user on the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-472

Related Identifiers

BDU:2021-00736

CVE-2021-1291

ZDI-21-132

Affected Products

Cisco Small Business Rv160

Cisco Small Business Rv160W

Cisco Small Business Rv260

Cisco Small Business Rv260P

Cisco Small Business Rv260W

PT-2021-1932 · Cisco · Cisco Small Business Rv160+4

CVE-2021-1291

Weakness Enumeration

Related Identifiers

Affected Products

References · 7