PT-2021-2538 · Cisco · RV340+9

Takeshi Shiomitsu · Published 2021-04-07 · Updated 2024-09-21

CVE-2021-1472

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV Series Routers RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P, firmware versions prior to 1.0.01.03 (affected versions not specified)
Description: Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. They stem from session management errors on affected devices: a remote attacker could bypass authentication, upload arbitrary files, and execute arbitrary commands on an affected device.
Recommendations: For versions prior to 1.0.01.03, update the firmware to version 1.0.01.03 or later to resolve the issue. Until the patch is applied, restrict access to the web-based management interface and avoid using it. At the moment, there is no information about additional mitigation measures for other affected versions.

Exploit

Fix

Buffer Overflow

Improper Access Control

Improper Authentication


Weakness Enumeration

Related Identifiers

BDU:2021-01944
CVE-2021-1472

Affected Products

Cisco Small Business RV Series Routers
RV160
RV160W
RV260
RV260P
RV260W
RV340
RV340W
RV345
RV345P