CVE-2021-1322

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 (affected versions not specified)

Description: The issue is related to insufficient validation of user-supplied input in the web-based management interface, which could allow a remote attacker to execute arbitrary code or cause the device to restart unexpectedly. An attacker could exploit this by sending crafted HTTP requests to the affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service condition. The attacker would need to have valid administrator credentials on the affected device.

Recommendations: For Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, consider disabling remote access to the management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.