PT-2021-2960 · Cisco · Cisco Rv345+3

T. Shiomitsu · Published 2021-05-05 · Updated 2021-05-14 · CVE-2021-1520

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco RV340, RV340W, RV345, and RV345P versions (affected versions not specified)

Description

The issue is related to a buffer overflow in the messaging service of the affected routers, which could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system. This is due to the internal messaging service not properly sanitizing input. To exploit this, an attacker must first authenticate to the device and then send a crafted request to the internal service.

Recommendations

For Cisco RV340, RV340W, RV345, and RV345P, consider restricting access to the internal messaging service until a patch is available. As a temporary workaround, avoid using the vulnerable vpntimer function until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2021-02547
CVE-2021-1520

Affected Products

Cisco Rv340
Cisco Rv340W
Cisco Rv345
Cisco Rv345P