Cisco Small Business RV340 and Cisco Small Business Command Injection Vulnerability

2021-08-0600:00:00

China National Vulnerability Database

www.cnvd.org.cn

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

JSON

Cisco Small Business RV340 and Cisco Small Business are both products of Cisco, Inc. The Cisco Small Business RV340 and Cisco Small Business are both Cisco products, and the Cisco Small Business RV340 is a router. The vulnerability stems from a program that does not properly authenticate HTTP requests. An unauthenticated remote attacker could exploit the vulnerability to execute arbitrary commands via a specially crafted HTTP request.

CPENameOperatorVersion
cisco rv340 dual wan gigabit vpn router < 1.eq0.03.22
cisco rv340w dual wan gigabit wireless-ac vpn router < 1.eq0.03.22
cisco rv345 dual wan gigabit vpn router < 1.eq0.03.22
cisco rv345p dual wan gigabit poe vpn router < 1.eq0.03.22

Name	Operator	Version
cisco rv340 dual wan gigabit vpn router < 1.	eq	0.03.22
cisco rv340w dual wan gigabit wireless-ac vpn router < 1.	eq	0.03.22
cisco rv345 dual wan gigabit vpn router < 1.	eq	0.03.22
cisco rv345p dual wan gigabit poe vpn router < 1.	eq	0.03.22