PT-2021-2537 · Cisco · Rv340+3
Takeshi Shiomitsu · Published 2021-04-07 · Updated 2024-09-21 · CVE-2021-1473
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Cisco Small Business RV340 version 1.0.03.21 and earlier
Cisco Small Business RV340W versions prior to 1.0.03.21
Cisco Small Business RV345 versions prior to 1.0.03.21
Cisco Small Business RV345P versions prior to 1.0.03.21
Description:
The vulnerability in the web-based management interface of Cisco Small Business RV Series Routers is related to insufficient input validation. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code, bypass authentication, or upload files on an affected device.
Recommendations:
For Cisco Small Business RV340 version 1.0.03.21 and earlier, update to a version later than 1.0.03.21.
For Cisco Small Business RV340W versions prior to 1.0.03.21, update to a version later than 1.0.03.21.
For Cisco Small Business RV345 versions prior to 1.0.03.21, update to a version later than 1.0.03.21.
For Cisco Small Business RV345P versions prior to 1.0.03.21, update to a version later than 1.0.03.21.
As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.
Exploit
Fix
Command Injection
Buffer Overflow
OS Command Injection
Affected Products
Rv340
Rv340W
Rv345
Rv345P