PT-2021-2543 · Cisco · Cisco Small Business Rv130W+3

Published

2021-04-07

Updated

2022-08-05

CVE-2021-1459

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers (affected versions not specified)

Description: A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The issue is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this by sending crafted HTTP requests to a targeted device, potentially allowing the execution of arbitrary code as the root user on the underlying operating system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-119

Related Identifiers

BDU:2021-01949

CVE-2021-1459

Affected Products

Cisco Small Business Rv110W

Cisco Small Business Rv130

Cisco Small Business Rv130W

Cisco Small Business Rv215W

PT-2021-2543 · Cisco · Cisco Small Business Rv130W+3

CVE-2021-1459

Weakness Enumeration

Related Identifiers

Affected Products

References · 7