Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.
{"id": "CVE-2021-1314", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-1314", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.", "published": "2021-02-04T17:15:00", "modified": "2022-08-05T18:27:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1314", "reporter": "psirt@cisco.com", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd"], "cvelist": ["CVE-2021-1314"], "immutableFields": [], "lastseen": "2022-08-05T21:24:30", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-RV-COMMAND-INJECT-BY4C5ZD"]}, {"type": "thn", "idList": ["THN:09856C3DA9585899DC2617289C9CA19A"]}], "rev": 4}, "score": {"value": 2.7, "vector": "NONE"}, "twitter": {"counter": 3, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1358812614504157191", "text": " NEW: CVE-2021-1314 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to ... (click for more) Severity: HIGH https://t.co/AA2tmBRLd8?amp=1"}, {"link": "https://twitter.com/RemotelyAlerts/status/1555637708642328576", "text": "Severity: | Multiple vulnerabilities in the web-base... | CVE-2021-1314 | Link for more: https://t.co/7kunAy9tzf", "author": "RemotelyAlerts", "author_photo": "https://pbs.twimg.com/profile_images/1534892541354680322/G_Cairku_400x400.jpg"}]}, "backreferences": {"references": [{"type": "cisco", "idList": ["CISCO-SA-RV-COMMAND-INJECT-BY4C5ZD"]}, {"type": "thn", "idList": ["THN:09856C3DA9585899DC2617289C9CA19A"]}]}, "exploitation": null, "vulnersScore": 2.7}, "_state": {"dependencies": 1659893093, "twitter": 0, "score": 1659843777}, "_internal": {"score_hash": "c52e37901d79b5325ed6028dbc1bec7f"}, "cna_cvss": {"cna": "Cisco Systems, Inc.", "cvss": {"3": {"vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "score": 7.2}}}, "cpe": ["cpe:/o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14"], "cpe23": ["cpe:2.3:o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*"], "cwe": ["CWE-78"], "affectedSoftware": [{"cpeName": "cisco:rv016_multi-wan_vpn_router_firmware", "version": "4.2.3.14", "operator": "le", "name": "cisco rv016 multi-wan vpn router firmware"}, {"cpeName": "cisco:rv042_dual_wan_vpn_router_firmware", "version": "4.2.3.14", "operator": "le", "name": "cisco rv042 dual wan vpn router firmware"}, {"cpeName": "cisco:rv042g_dual_gigabit_wan_vpn_router_firmware", "version": "4.2.3.14", "operator": "le", "name": "cisco rv042g dual gigabit wan vpn router firmware"}, {"cpeName": "cisco:rv082_dual_wan_vpn_router_firmware", "version": "4.2.3.14", "operator": "le", "name": "cisco rv082 dual wan vpn router firmware"}, {"cpeName": "cisco:rv320_dual_gigabit_wan_vpn_router_firmware", "version": "1.5.1.11", "operator": "le", "name": "cisco rv320 dual gigabit wan vpn router firmware"}, {"cpeName": "cisco:rv325_dual_gigabit_wan_vpn_router_firmware", "version": "1.5.1.11", "operator": "le", "name": "cisco rv325 dual gigabit wan vpn router firmware"}], "affectedConfiguration": [{"name": "cisco rv016 multi-wan vpn router", "cpeName": "cisco:rv016_multi-wan_vpn_router", "version": "-", "operator": "eq"}, {"name": "cisco rv042 dual wan vpn router", "cpeName": "cisco:rv042_dual_wan_vpn_router", "version": "-", "operator": "eq"}, {"name": "cisco rv042g dual gigabit wan vpn router", "cpeName": "cisco:rv042g_dual_gigabit_wan_vpn_router", "version": "-", "operator": "eq"}, {"name": "cisco rv082 dual wan vpn router", "cpeName": "cisco:rv082_dual_wan_vpn_router", "version": "-", "operator": "eq"}, {"name": "cisco rv320 dual gigabit wan vpn router", "cpeName": "cisco:rv320_dual_gigabit_wan_vpn_router", "version": "-", "operator": "eq"}, {"name": "cisco rv325 dual gigabit wan vpn router", "cpeName": "cisco:rv325_dual_gigabit_wan_vpn_router", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "versionEndIncluding": "4.2.3.14", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:rv016_multi-wan_vpn_router:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "versionEndIncluding": "4.2.3.14", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:rv042_dual_wan_vpn_router:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "versionEndIncluding": "4.2.3.14", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:rv042g_dual_gigabit_wan_vpn_router:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "versionEndIncluding": "4.2.3.14", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:rv082_dual_wan_vpn_router:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "versionEndIncluding": "1.5.1.11", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:rv320_dual_gigabit_wan_vpn_router:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "versionEndIncluding": "1.5.1.11", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:cisco:rv325_dual_gigabit_wan_vpn_router:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd", "name": "20210203 Cisco Small Business RV Series Routers Management Interface Command Injection Vulnerabilities", "refsource": "CISCO", "tags": ["Vendor Advisory"]}]}
{"cisco": [{"lastseen": "2021-09-02T22:30:49", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.\n\nThese vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd\"]", "cvss3": {}, "published": "2021-02-03T16:00:00", "type": "cisco", "title": "Cisco Small Business RV Series Routers Management Interface Command Injection Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-1314", "CVE-2021-1315", "CVE-2021-1316", "CVE-2021-1317", "CVE-2021-1318"], "modified": "2021-02-03T16:00:00", "id": "CISCO-SA-RV-COMMAND-INJECT-BY4C5ZD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd", "cvss": {"score": 7.2, "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "thn": [{"lastseen": "2022-05-09T12:39:09", "description": "[](<https://thehackernews.com/images/-4DAqKERIo90/YBz7aP6gjXI/AAAAAAAABsg/P9pY5BKaE4g9XcOtbFVNYes_4IHBUbORACLcBGAsYHQ/s0/cisco.jpg>)\n\nCisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.\n\nThe [flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf>) \u2014 tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) \u2014 impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02.\n\nAlong with the aforementioned three vulnerabilities, patches have also been released for two more [arbitrary file write flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn>) (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system.\n\nAll the nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered [similar critical flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn>) in RV110W, RV130W, and RV215W Routers that could be leveraged for remote code execution (RCE) attacks.\n\nWhile exact specifics of the vulnerabilities are still unclear, Cisco said the flaws \u2014\n\n * **CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, and CVE-2021-1295** are a result of improper validation of HTTP requests, allowing an attacker to craft a specially-crafted HTTP request to the web-based management interface and achieve RCE.\n * **CVE-2021-1296 and CVE-2021-1297** are due to insufficient input validation, permitting an attacker to exploit these flaws using the web-based management interface to upload a file to a location that they should not have access to.\n\nSeparately, another set of [five glitches](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd>) (CVE-2021-1314 through CVE-2021-1318) in the web-based management interface of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers could have granted an attacker the ability to inject arbitrary commands on the routers that are executed with root privileges.\n\nLastly, Cisco also addressed [30 additional vulnerabilities](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj>) (CVE-2021-1319 through CVE-2021-1348), affecting the same set of products, that could allow an authenticated, remote attacker to execute arbitrary code and even cause a denial-of-service condition.\n\n\"To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device,\" Cisco said in an advisory published on February 3.\n\nKai Cheng from the Institute of Information Engineering, which is part of the Chinese Academy of Sciences, has been credited with reporting the 35 flaws in the router management interface.\n\nThe company also noted there's been no evidence of active exploitation attempts in the wild for any of these flaws, nor are there any workarounds that address the vulnerabilities.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-05T08:02:00", "type": "thn", "title": "Critical Flaws Reported in Cisco VPN Routers for Businesses\u2014Patch ASAP", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1289", "CVE-2021-1290", "CVE-2021-1291", "CVE-2021-1292", "CVE-2021-1293", "CVE-2021-1294", "CVE-2021-1295", "CVE-2021-1296", "CVE-2021-1297", "CVE-2021-1314", "CVE-2021-1318", "CVE-2021-1319", "CVE-2021-1348"], "modified": "2021-02-05T08:02:23", "id": "THN:09856C3DA9585899DC2617289C9CA19A", "href": "https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2021-1314
