Lucene search

[email protected]CVE-2021-1146

HistoryJan 13, 2021 - 10:15 p.m.

CVE-2021-1146

2021-01-1322:15:00

CWE-78

[email protected]

web.nvd.nist.gov

cisco

small business

rv routers

vulnerability

cve-2021-1146

web-based management

remote attacker

authenticated

command injection

root privileges

http requests

administrator credentials

software updates

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.9%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.

CPENameOperatorVersion
cisco:rv110w_firmwarecisco rv110w firmwareeq1.2.2.8
cisco:rv110w_firmwarecisco rv110w firmwareeq1.3.1.7
cisco:rv130_vpn_router_firmwarecisco rv130 vpn router firmwareeq1.2.2.8
cisco:rv130_vpn_router_firmwarecisco rv130 vpn router firmwareeq1.3.1.7
cisco:rv130w_firmwarecisco rv130w firmwareeq1.2.2.8
cisco:rv130w_firmwarecisco rv130w firmwareeq1.3.1.7
cisco:rv215w_wireless-n_vpn_router_firmwarecisco rv215w wireless-n vpn router firmwareeq1.2.2.8
cisco:rv215w_wireless-n_vpn_router_firmwarecisco rv215w wireless-n vpn router firmwareeq1.3.1.7
cisco:application_extension_platformcisco application extension platformeq1.0.3.55

CPE	Name	Operator	Version
cisco:rv110w_firmware	cisco rv110w firmware	eq	1.2.2.8
cisco:rv110w_firmware	cisco rv110w firmware	eq	1.3.1.7
cisco:rv130_vpn_router_firmware	cisco rv130 vpn router firmware	eq	1.2.2.8
cisco:rv130_vpn_router_firmware	cisco rv130 vpn router firmware	eq	1.3.1.7
cisco:rv130w_firmware	cisco rv130w firmware	eq	1.2.2.8
cisco:rv130w_firmware	cisco rv130w firmware	eq	1.3.1.7
cisco:rv215w_wireless-n_vpn_router_firmware	cisco rv215w wireless-n vpn router firmware	eq	1.2.2.8
cisco:rv215w_wireless-n_vpn_router_firmware	cisco rv215w wireless-n vpn router firmware	eq	1.3.1.7
cisco:application_extension_platform	cisco application extension platform	eq	1.0.3.55

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN

Social References

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for CVE-2021-1146

prion1 cisco1 threatpost1