Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

2021-02-05T08:02:00

Description

[![](https://thehackernews.com/images/-4DAqKERIo90/YBz7aP6gjXI/AAAAAAAABsg/P9pY5BKaE4g9XcOtbFVNYes_4IHBUbORACLcBGAsYHQ/s0/cisco.jpg)](<https://thehackernews.com/images/-4DAqKERIo90/YBz7aP6gjXI/AAAAAAAABsg/P9pY5BKaE4g9XcOtbFVNYes_4IHBUbORACLcBGAsYHQ/s0/cisco.jpg>) Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The [flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf>) — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02. Along with the aforementioned three vulnerabilities, patches have also been released for two more [arbitrary file write flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn>) (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system. All the nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered [similar critical flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn>) in RV110W, RV130W, and RV215W Routers that could be leveraged for remote code execution (RCE) attacks. While exact specifics of the vulnerabilities are still unclear, Cisco said the flaws — * **CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, and CVE-2021-1295** are a result of improper validation of HTTP requests, allowing an attacker to craft a specially-crafted HTTP request to the web-based management interface and achieve RCE. * **CVE-2021-1296 and CVE-2021-1297** are due to insufficient input validation, permitting an attacker to exploit these flaws using the web-based management interface to upload a file to a location that they should not have access to. Separately, another set of [five glitches](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd>) (CVE-2021-1314 through CVE-2021-1318) in the web-based management interface of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers could have granted an attacker the ability to inject arbitrary commands on the routers that are executed with root privileges. Lastly, Cisco also addressed [30 additional vulnerabilities](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj>) (CVE-2021-1319 through CVE-2021-1348), affecting the same set of products, that could allow an authenticated, remote attacker to execute arbitrary code and even cause a denial-of-service condition. "To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device," Cisco said in an advisory published on February 3. Kai Cheng from the Institute of Information Engineering, which is part of the Chinese Academy of Sciences, has been credited with reporting the 35 flaws in the router management interface. The company also noted there's been no evidence of active exploitation attempts in the wild for any of these flaws, nor are there any workarounds that address the vulnerabilities. Found this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter __](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.

{"id": "THN:09856C3DA9585899DC2617289C9CA19A", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "Critical Flaws Reported in Cisco VPN Routers for Businesses\u2014Patch ASAP", "description": "[![](https://thehackernews.com/images/-4DAqKERIo90/YBz7aP6gjXI/AAAAAAAABsg/P9pY5BKaE4g9XcOtbFVNYes_4IHBUbORACLcBGAsYHQ/s0/cisco.jpg)](<https://thehackernews.com/images/-4DAqKERIo90/YBz7aP6gjXI/AAAAAAAABsg/P9pY5BKaE4g9XcOtbFVNYes_4IHBUbORACLcBGAsYHQ/s0/cisco.jpg>)\n\nCisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.\n\nThe [flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf>) \u2014 tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) \u2014 impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02.\n\nAlong with the aforementioned three vulnerabilities, patches have also been released for two more [arbitrary file write flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn>) (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system.\n\nAll the nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered [similar critical flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn>) in RV110W, RV130W, and RV215W Routers that could be leveraged for remote code execution (RCE) attacks.\n\nWhile exact specifics of the vulnerabilities are still unclear, Cisco said the flaws \u2014\n\n * **CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, and CVE-2021-1295** are a result of improper validation of HTTP requests, allowing an attacker to craft a specially-crafted HTTP request to the web-based management interface and achieve RCE.\n * **CVE-2021-1296 and CVE-2021-1297** are due to insufficient input validation, permitting an attacker to exploit these flaws using the web-based management interface to upload a file to a location that they should not have access to.\n\nSeparately, another set of [five glitches](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd>) (CVE-2021-1314 through CVE-2021-1318) in the web-based management interface of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers could have granted an attacker the ability to inject arbitrary commands on the routers that are executed with root privileges.\n\nLastly, Cisco also addressed [30 additional vulnerabilities](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj>) (CVE-2021-1319 through CVE-2021-1348), affecting the same set of products, that could allow an authenticated, remote attacker to execute arbitrary code and even cause a denial-of-service condition.\n\n\"To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device,\" Cisco said in an advisory published on February 3.\n\nKai Cheng from the Institute of Information Engineering, which is part of the Chinese Academy of Sciences, has been credited with reporting the 35 flaws in the router management interface.\n\nThe company also noted there's been no evidence of active exploitation attempts in the wild for any of these flaws, nor are there any workarounds that address the vulnerabilities.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-02-05T08:02:00", "modified": "2021-02-05T08:02:23", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-1289", "CVE-2021-1290", "CVE-2021-1291", "CVE-2021-1292", "CVE-2021-1293", "CVE-2021-1294", "CVE-2021-1295", "CVE-2021-1296", "CVE-2021-1297", "CVE-2021-1314", "CVE-2021-1318", "CVE-2021-1319", "CVE-2021-1348"], "immutableFields": [], "lastseen": "2022-05-09T12:39:09", "viewCount": 84, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-RV-COMMAND-INJECT-BY4C5ZD", "CISCO-SA-RV-OVERFLOW-GHZP68YJ", "CISCO-SA-RV160-260-FILEWRITE-7X9MNKJN", "CISCO-SA-RV160-260-RCE-XZEFKNHF"]}, {"type": "cve", "idList": ["CVE-2021-1289", "CVE-2021-1290", "CVE-2021-1291", "CVE-2021-1292", "CVE-2021-1293", "CVE-2021-1294", "CVE-2021-1295", "CVE-2021-1296", "CVE-2021-1297", "CVE-2021-1314", "CVE-2021-1318", "CVE-2021-1319", "CVE-2021-1348"]}, {"type": "nessus", "idList": ["CISCO-SA-RV-OVERFLOW-GHZP68YJ.NASL", "CISCO-SA-RV160-260-FILEWRITE-7X9MNKJN.NASL", "CISCO-SA-RV160-260-RCE-XZEFKNHF.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:B1BF822A9492BC3F1906B2BE8845D60E"]}, {"type": "zdi", "idList": ["ZDI-21-130", "ZDI-21-131", "ZDI-21-132", "ZDI-21-133", "ZDI-21-134", "ZDI-21-135", "ZDI-21-136", "ZDI-21-137"]}], "rev": 4}, "score": {"value": 1.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cisco", "idList": ["CISCO-SA-RV-COMMAND-INJECT-BY4C5ZD", "CISCO-SA-RV-OVERFLOW-GHZP68YJ", "CISCO-SA-RV160-260-FILEWRITE-7X9MNKJN", "CISCO-SA-RV160-260-RCE-XZEFKNHF"]}, {"type": "cve", "idList": ["CVE-2021-1289", "CVE-2021-1290", "CVE-2021-1291", "CVE-2021-1292", "CVE-2021-1293", "CVE-2021-1294", "CVE-2021-1295", "CVE-2021-1296", "CVE-2021-1297", "CVE-2021-1314", "CVE-2021-1318", "CVE-2021-1319", "CVE-2021-1348"]}, {"type": "nessus", "idList": ["CISCO-SA-RV-OVERFLOW-GHZP68YJ.NASL", "CISCO-SA-RV160-260-FILEWRITE-7X9MNKJN.NASL", "CISCO-SA-RV160-260-RCE-XZEFKNHF.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:B1BF822A9492BC3F1906B2BE8845D60E"]}, {"type": "zdi", "idList": ["ZDI-21-130", "ZDI-21-131", "ZDI-21-132", "ZDI-21-133", "ZDI-21-134", "ZDI-21-135", "ZDI-21-136", "ZDI-21-137"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-1289", "epss": "0.002330000", "percentile": "0.596380000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1290", "epss": "0.002510000", "percentile": "0.612510000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1291", "epss": "0.002330000", "percentile": "0.596380000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1292", "epss": "0.002330000", "percentile": "0.596380000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1293", "epss": "0.002330000", "percentile": "0.596380000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1294", "epss": "0.002510000", "percentile": "0.612510000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1295", "epss": "0.002040000", "percentile": "0.566500000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1296", "epss": "0.001400000", "percentile": "0.480590000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1297", "epss": "0.001400000", "percentile": "0.480590000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1314", "epss": "0.001650000", "percentile": "0.514360000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1318", "epss": "0.001650000", "percentile": "0.514360000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1319", "epss": "0.001570000", "percentile": "0.504890000", "modified": "2023-03-17"}, {"cve": "CVE-2021-1348", "epss": "0.001570000", "percentile": "0.504890000", "modified": "2023-03-17"}], "vulnersScore": 1.6}, "_state": {"dependencies": 1659893093, "score": 1698841580, "epss": 1679062491}, "_internal": {"score_hash": "fae569ab9173d6d98f9534e7a3fd3f59"}}

{"threatpost": [{"lastseen": "2021-02-04T16:08:26", "description": "Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to view or tamper with data, and perform other unauthorized actions on the routers.\n\nThe flaws exist in the web-based management interface of Cisco\u2019s small-business lineup of VPN routers. That includes its RV160, RV160W, RV260, RV260P, and RV260W models.\n\nVPN routers have virtual private network functionality built directly into them; that means they have firmware that can handle VPN connections in order to establish a secure connection at the hardware level. These specific router models, which range in price from $150 to $250, are purpose-built for small- and medium-sized businesses and are touted as being ideal for remote offices.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>)\n\n\u201cCisco has released software updates that address these vulnerabilities,\u201d according to Cisco [on Wednesday](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf>). \u201cThere are no workarounds that address these vulnerabilities.\u201d\n\nOverall, the issue has been assigned seven CVEs (CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, CVE-2021-1295). Cisco did not detail each CVE but did say that the CVEs have a base CVSS score of 9.8 out of 10 (making them critical in severity).\n\nThe flaws exist because HTTP requests are not properly validated in the management interface, according to Cisco. An attacker could exploit the vulnerabilities, merely by sending a specially crafted HTTP request to the management interface of one of the affected router models. From there, they would be able to execute arbitrary code as a root user, Cisco said.\n\nThe flaws affect the small business routers running a firmware release earlier than Release 1.0.01.02 \u2013 a fix has been rolled out as part of this release. Cisco has outlined further instructions on its security advisory [for how to apply the update](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf>).\n\nOn Wednesday, Cisco also warned of two high-severity flaws (CVE-2021-1296 and CVE-2021-1297) across this same set of small-business VPN routers. The flaws could allow unauthenticated, remote attackers to launch directory traversal attacks and overwrite certain files that should be restricted on affected systems. Directory traversal attacks are typically launched against devices with insufficient security validation, in order to access files and directories that are stored outside the web root folder.\n\n\u201cThese vulnerabilities are due to insufficient input validation,\u201d said Cisco. \u201cAn attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to.\u201d\n\nThese flaws are also fixed by firmware Release 1.0.01.02; The networking giant said that it\u2019s not aware of any exploits in the wild of the critical flaws for any of these flaws.\n\n## **High-Severity Flaws**\n\nCisco on Wednesday pushed out a flurry of patches addressing high-severity vulnerabilities beyond its VPN small-business routers. Two Cisco product families are affected by these flaws.\n\nOne affected product is Cisco\u2019s small business RV series routers \u2013 specifically, the RV016, RV042, RV042G, RV082, RV320, and RV325 models. Cisco [warned of issues in these routers](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj>) (tied to 30 CVEs) that could allow authenticated, remote attackers to execute arbitrary code or cause them to restart unexpectedly. The flaws, which stem from an improper validation of user-supplied input into the routers\u2019 web-based interface, could be exploited by an attacker by sending crafted HTTP requests to affected devices.\n\n\u201cA successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial-of-service (DoS) condition,\u201d said Cisco.\n\n[Another set of glitches](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd>) (tied to five CVEs) could also give an attacker the ability to inject arbitrary commands on the routers that are executed with root privileges. However, an attacker would first need administrative credentials, making this attack more complex to carry out.\n\nFinally, Cisco patched various high-severity flaws affecting its IOS XR software, a train of Cisco Systems\u2019 widely deployed Internetworking Operating System (IOS). [The most serious of these flaws](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2>) could allow an unauthenticated, remote attacker to trigger a denial-of-service (DoS) condition on affected devices in order to cripple them.\n\nSince the beginning of the year, Cisco has patched various vulnerabilities across its product lineup, including [multiple, critical vulnerabilities](<https://threatpost.com/critical-cisco-sd-wan-bugs-rce-attacks/163204/>) in its software-defined networking for wide-area networks ([SD-WAN](<https://threatpost.com/cisco-zero-day-anyconnect-secure-patch/160988/>)) solutions for business users, and a high-severity flaw in [its smart Wi-Fi solution for retailers](<https://threatpost.com/cisco-flaw-cmx-software-retailers/163027/>) that could allow a remote attacker to alter the password of any account user on affected systems.\n\n**Download our exclusive **[**FREE Threatpost Insider eBook, **](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=FEATURE&utm_medium=FEATURE&utm_campaign=Nov_eBook>)_**Healthcare Security Woes Balloon in a Covid-Era World**_**, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and **[**DOWNLOAD the eBook now**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_eBook>)** \u2013 on us!**\n", "cvss3": {}, "published": "2021-02-04T15:59:01", "type": "threatpost", "title": "Critical Cisco Flaws Open VPN Routers Up to RCE Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1289", "CVE-2021-1290", "CVE-2021-1291", "CVE-2021-1292", "CVE-2021-1293", "CVE-2021-1294", "CVE-2021-1295", "CVE-2021-1296", "CVE-2021-1297"], "modified": "2021-02-04T15:59:01", "id": "THREATPOST:B1BF822A9492BC3F1906B2BE8845D60E", "href": "https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-05-18T15:24:24", "description": "According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple remote code execution (RCE) vulnerabilities in the web-based management interface due to improper validation of HTTP requests. An unauthenticated, remote attacker could exploit this by sending a crafted HTTP request to the web-based management to execute arbitrary code as the root user on an affected device. \n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "Cisco Small Business RV Series VPN Multiple RCE (cisco-sa-rv160-260-rce-XZeFkNHf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1289", "CVE-2021-1290", "CVE-2021-1291", "CVE-2021-1292", "CVE-2021-1293", "CVE-2021-1294", "CVE-2021-1295"], "modified": "2021-02-05T00:00:00", "cpe": ["x-cpe:/o:cisco:small_business_rv_series_router_firmware"], "id": "CISCO-SA-RV160-260-RCE-XZEFKNHF.NASL", "href": "https://www.tenable.com/plugins/nessus/146268", "sourceData": "#TRUSTED 0ae2540d7a868919d45a6e5a52ed0fb9834adf49db795f65407456dd5d15a5c49d1e64e091f637eb97c37f55314038a2e62d3fcbf014e56b1fc8bcd37b2b390c2d89f4609b22b047ada471d6afc4ff5762d2a10eae3c704f0e100eb7eb79432b8b46aad40d74c4463f8302f3474778ddcd513c05904c89375292880224c9a789f49cefdb43ab5095817b227aa345ce7325084c78ce97f287bbeb2fab100434e418a4930332b0c15e1df9ee61b3f0aa373121a71bfa0c49da66cbd2961866fcbb16de400e3d0c1c3299fe874f60ff4cb9d34f48c5506eb37b1401d7521bb0c764de0478423d209b5969404b54776dd72383f7f96d45bf3cd2f341a58492c4322cd3bae7abf7cf6f96a89b457e11704c6519cea01c48b779983b4114df5186b697907d5d47c664b46029534c6f74b64d365bd32d022d2c6a5caf0cf4761925347d39ab3821195f39bc610d56f0cc10e58a7575e336501cabef4a418ee9a63a1abe9f27f4a929630f47c974d8b3cc4ef38c5248a16249036e33fb5742fd7f0c78c57d97c900715eec3a21b21bbdee5cd233251d0c64b495d137157a00e75eed660fe761e290edf5784ea17e05994a4ff84f8b800114ebe048268f348615c7cbf9869b5da3f4db4949d87e0a1665e9cb5486e4c2c863e1e50b11f8c4e3229f59653f808c1439a0cc7cc5c2993a2e343c664d4d34db6e9eb2b3f9b18b7ff5b44be817\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146268);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\n \"CVE-2021-1289\",\n \"CVE-2021-1290\",\n \"CVE-2021-1291\",\n \"CVE-2021-1292\",\n \"CVE-2021-1293\",\n \"CVE-2021-1294\",\n \"CVE-2021-1295\"\n );\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw13908\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw13917\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw19718\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw19849\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw27923\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw27982\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw50568\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-rv160-260-rce-XZeFkNHf\");\n script_xref(name:\"IAVA\", value:\"2021-A-0063\");\n\n script_name(english:\"Cisco Small Business RV Series VPN Multiple RCE (cisco-sa-rv160-260-rce-XZeFkNHf)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple\nremote code execution (RCE) vulnerabilities in the web-based management interface due to improper validation of HTTP\nrequests. An unauthenticated, remote attacker could exploit this by sending a crafted HTTP request to the web-based\nmanagement to execute arbitrary code as the root user on an affected device. \n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ad3e5a4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw13908\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw13917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw19718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw19849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw27923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw27982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw50568\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvw13908, CSCvw13917, CSCvw19718, CSCvw19849,\nCSCvw27923, CSCvw27982, CSCvw50568\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1289\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(472);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:cisco:small_business_rv_series_router_firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_small_business_detect.nasl\", \"cisco_rv_webui_detect.nbin\");\n script_require_keys(\"Cisco/Small_Business_Router/Version\", \"Cisco/Small_Business_Router/Model\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'Cisco Small Business Series Router Firmware');\n\nif (product_info.model !~ \"^RV(160|260)($|[^0-9])\") # RV160 / RV160W / RV260 / RV260W / RV260P\n audit(AUDIT_HOST_NOT, 'an affected Cisco Small Business RV Series Router');\n\nvuln_ranges = [\n { 'min_ver' : '0', 'fix_ver' : '1.0.01.02' }\n];\n\nreporting = make_array(\n 'port' , product_info['port'],\n 'severity' , SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCvw13908, CSCvw13917, CSCvw19718, CSCvw19849, CSCvw27923, CSCvw27982, CSCvw50568',\n 'disable_caveat' , TRUE\n);\n\ncisco::check_and_report(\n product_info:product_info,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:59", "description": "According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple directory traversal and arbitrary file write vulnerabilities. An unauthenticated, remote attack could exploit these, by sending crafted requests, to access files outside of the web root or overwrite files on an affected system.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.", "cvss3": {}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "Cisco Small Business RV Series Routers Multiple Vulnerabilities (cisco-sa-rv160-260-filewrite-7x9mnKjn)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1296", "CVE-2021-1297"], "modified": "2021-02-09T00:00:00", "cpe": ["x-cpe:/o:cisco:small_business_rv_series_router_firmware"], "id": "CISCO-SA-RV160-260-FILEWRITE-7X9MNKJN.NASL", "href": "https://www.tenable.com/plugins/nessus/146267", "sourceData": "#TRUSTED 84e10f10e3e7f7dc91b6d689f36365888277100097322c539af558ca08c89facc3dabbfd0102ee0c4a14b5d46ea8a31c4844af7b15c8a7bd0c43a8022f740dede7d1a7c3a416e787311dcd6800d4a6143cfd4d6b86c37b005e9067cb5265e54580dc53a110988d849495b31b3dd25edd23e500a0eca6c1b29ab6aedca6788b7e5003eeeec29dfa250f3ed1918d9a33e8a36f4cb340576aa12b765cceedaf26a73b83d6383cb508cfad5ed50e1ece256705adff732aa8072b1d46204f22aa2ee0472add80648b9e9d544c2fcad61d8f2b81e1733a418b5d92e748d7e86d2cf33d7497d099db5b51c94b1ef7e465c865a9643df7443b6fb0b8a118a70d6a8ac35fc7bd44471c0f77539c399078d03327e8934ac615493c2cb249a2ffcf7dedb3fe1f0acbd7f077dfb91dd5dc899289f43aaa9a6f74e402fad236a20bcd343a442279d7b1059b4cd4740db969bf41065076aca0615285f54378932c1d75a00710103dd49d2c294442e2d4a198d5096007de168176590723d7c44e7daf5c8baa3f9a3913c24e28f16084635dd7ef01be5f136c2e4b319c0ae8a7bf7024de160d9661bdab4abcf6da2913051b8ad7626e67d0be5413b8cd50ec1e8e1f80a6b709ae8f6506041eba06015d5e3e32bc6f108b1f3da1bdbd825b90eb1a4d3f1c6b396450eecea7339032cc20f99f5329cda5d936a667cc582549af1058ed7f353a621c88\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146267);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\"CVE-2021-1296\", \"CVE-2021-1297\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw19856\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw22856\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-rv160-260-filewrite-7x9mnKjn\");\n script_xref(name:\"IAVA\", value:\"2021-A-0063\");\n\n script_name(english:\"Cisco Small Business RV Series Routers Multiple Vulnerabilities (cisco-sa-rv160-260-filewrite-7x9mnKjn)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple \ndirectory traversal and arbitrary file write vulnerabilities. An unauthenticated, remote attack could exploit these,\nby sending crafted requests, to access files outside of the web root or overwrite files on an affected system.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0028d4bd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw19856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw22856\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvw19856, CSCvw22856\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(36);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:cisco:small_business_rv_series_router_firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_small_business_detect.nasl\", \"cisco_rv_webui_detect.nbin\");\n script_require_keys(\"Cisco/Small_Business_Router/Version\", \"Cisco/Small_Business_Router/Model\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'Cisco Small Business Series Router Firmware');\n\n# RV160, RV160W, RV260, RV260P, RV260W\nif (toupper(product_info['model']) !~ \"^RV(160W?|260[PW]?)\")\n audit(AUDIT_HOST_NOT, 'an affected Cisco Small Business RV Series router');\n\nvuln_ranges = [{'min_ver':'0.0', 'fix_ver':'1.0.01.02'}];\n\nreporting = make_array(\n 'port' , product_info['port'],\n 'severity' , SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCvw19856, CSCvw22856',\n 'disable_caveat' , TRUE\n);\n\ncisco::check_and_report(\n product_info:product_info,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:51", "description": "According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.", "cvss3": {}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "Cisco Small Business RV Series Routers Management Interface Multiple Vulnerabilities (cisco-sa-rv-overflow-ghZP68yj)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-1319", "CVE-2021-1320", "CVE-2021-1321", "CVE-2021-1322", "CVE-2021-1323", "CVE-2021-1324", "CVE-2021-1325", "CVE-2021-1326", "CVE-2021-1327", "CVE-2021-1328", "CVE-2021-1329", "CVE-2021-1330", "CVE-2021-1331", "CVE-2021-1332", "CVE-2021-1333", "CVE-2021-1334", "CVE-2021-1335", "CVE-2021-1336", "CVE-2021-1337", "CVE-2021-1338", "CVE-2021-1339", "CVE-2021-1340", "CVE-2021-1341", "CVE-2021-1342", "CVE-2021-1343", "CVE-2021-1344", "CVE-2021-1345", "CVE-2021-1346", "CVE-2021-1347", "CVE-2021-1348"], "modified": "2021-02-05T00:00:00", "cpe": ["x-cpe:/o:cisco:small_business_rv_series_router_firmware", "cpe:/o:cisco:rv016_firmware", "cpe:/o:cisco:rv042_firmware", "cpe:/o:cisco:rv042g_firmware", "cpe:/o:cisco:rv082_firmware", "cpe:/o:cisco:rv320_firmware", "cpe:/o:cisco:rv325_firmware", "cpe:/h:cisco:rv016", "x-cpe:/h:cisco:rv042", "x-cpe:/h:cisco:rv042g", "x-cpe:/h:cisco:rv082", "x-cpe:/h:cisco:rv320", "x-cpe:/h:cisco:rv325"], "id": "CISCO-SA-RV-OVERFLOW-GHZP68YJ.NASL", "href": "https://www.tenable.com/plugins/nessus/146266", "sourceData": "#TRUSTED 2bd6f8f35274f7c8f2e561e50cd2aadfb087456c93a8b08cd39d40c23535f723a8794b130e7b92f7dbab84308eeafbd1e0ac35dd5b11b861bd64d67eaf7aa6b00d94a6a5b7a0582db52ddb524e4ee1b2b44a464bbdb716dcbe71fdc7b36862c76824afa366a97c993536fc8d21c6f144310d63045d880827994ef7d77ee10092b06619055db3921739b5f654554064d6f5dccd08a71b417a687ca55185eaa97acac96360ae7a074f0d26ff39ab35b9ecdee27c50f8a3f26e26db4652c97edf59c1715ece90310b5620a3ec5518d8d9a23d24fc4367ad85e30788d38a5bb840193dd19781e2a35161dfb1e209808e0b72265c2039ae98c4f0eb7d169ba5282968e9094352c6e2a21efb6f7f3b338a73c2648e7130346191662b26eabf74ab08caa5cd78111844b04a10e62a5fdb2bbc4cb8aedcf273441d02d497572b1e953d23684f608015208583a8f19216a1deba8b37394ba8d6318f42ca605b7f13859c88382ed6c2bb39d4eca56a8cc0e159837ca4c0dc3af7c56f53b8b028cd40bd760cce2612523e7cb7f40120f6cd467d1bbc5f427f42586e9d69fab3c63e4224da46b4762a8cf930d13c5394f6bf80fb4da7b9ceb8127c67245c8738c4d7e1026424f03646045e421a38f907dfe282817e955e62034878dea433ec44a657e16f02b934830cb32fca04ce2da896db7c19a1ecf4ec36b9914364710835ff25f4143720\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146266);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\n \"CVE-2021-1319\",\n \"CVE-2021-1320\",\n \"CVE-2021-1321\",\n \"CVE-2021-1322\",\n \"CVE-2021-1323\",\n \"CVE-2021-1324\",\n \"CVE-2021-1325\",\n \"CVE-2021-1326\",\n \"CVE-2021-1327\",\n \"CVE-2021-1328\",\n \"CVE-2021-1329\",\n \"CVE-2021-1330\",\n \"CVE-2021-1331\",\n \"CVE-2021-1332\",\n \"CVE-2021-1333\",\n \"CVE-2021-1334\",\n \"CVE-2021-1335\",\n \"CVE-2021-1336\",\n \"CVE-2021-1337\",\n \"CVE-2021-1338\",\n \"CVE-2021-1339\",\n \"CVE-2021-1340\",\n \"CVE-2021-1341\",\n \"CVE-2021-1342\",\n \"CVE-2021-1343\",\n \"CVE-2021-1344\",\n \"CVE-2021-1345\",\n \"CVE-2021-1346\",\n \"CVE-2021-1347\",\n \"CVE-2021-1348\"\n );\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97027\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97031\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97034\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97035\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97036\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97037\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97038\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97040\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97041\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97042\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97043\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97044\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97046\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97047\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97048\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97049\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97050\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97051\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97052\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97053\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97054\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97056\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97057\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97058\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97059\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97060\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97061\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97062\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97063\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvv97064\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-rv-overflow-ghZP68yj\");\n script_xref(name:\"IAVA\", value:\"2021-A-0064\");\n\n script_name(english:\"Cisco Small Business RV Series Routers Management Interface Multiple Vulnerabilities (cisco-sa-rv-overflow-ghZP68yj)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple\nvulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and\nRV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to\nrestart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based\nmanagement interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected\ndevice. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying\noperating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these\nvulnerabilities, an attacker would need to have valid administrator credentials on the affected device.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?496ff69a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv97064\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1319\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(121);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:cisco:small_business_rv_series_router_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:rv016_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:rv042_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:rv042g_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:rv082_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:rv320_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:rv325_firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:rv016\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/h:cisco:rv042\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/h:cisco:rv042g\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/h:cisco:rv082\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/h:cisco:rv320\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/h:cisco:rv325\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_small_business_detect.nasl\", \"cisco_rv_webui_detect.nbin\");\n script_require_keys(\"Cisco/Small_Business_Router/Version\", \"Cisco/Small_Business_Router/Model\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'Cisco Small Business Series Router Firmware');\n\nif (toupper(product_info['model']) =~ \"^RV(016|042(G)?|082)\")\n{\n vuln_ranges = [\n { 'min_ver' : '0', 'fix_ver' : '4.2.3.15' }\n ];\n fix = 'See vendor advisory';\n}\nelse if (toupper(product_info['model']) =~ \"^RV32(0|5)\")\n{\n vuln_ranges = [\n { 'min_ver' : '0', 'fix_ver' : '1.5.1.12' }\n ];\n fix = '1.5.1.13';\n}\nelse\n{\n audit(AUDIT_HOST_NOT, 'an affected Cisco Small Business RV Series router');\n}\n\nreporting = make_array(\n 'port' , product_info['port'],\n 'severity' , SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'See vendor advisory',\n 'disable_caveat', TRUE,\n 'fix' , fix\n);\n\ncisco::check_and_report(\n product_info:product_info,\n reporting:reporting,\n vuln_ranges:vuln_ranges\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cisco": [{"lastseen": "2023-12-03T16:57:15", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.\n\nThese vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf\"]", "cvss3": {}, "published": "2021-02-03T16:00:00", "type": "cisco", "title": "Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-1289", "CVE-2021-1290", "CVE-2021-1291", "CVE-2021-1292", "CVE-2021-1293", "CVE-2021-1294", "CVE-2021-1295"], "modified": "2021-02-03T16:00:00", "id": "CISCO-SA-RV160-260-RCE-XZEFKNHF", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf", "cvss": {"score": 9.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, {"lastseen": "2023-12-03T16:57:11", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system.\n\nThese vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn\"]", "cvss3": {}, "published": "2021-02-03T16:00:00", "type": "cisco", "title": "Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-1296", "CVE-2021-1297"], "modified": "2021-02-03T16:00:00", "id": "CISCO-SA-RV160-260-FILEWRITE-7X9MNKJN", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn", "cvss": {"score": 7.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}, {"lastseen": "2023-12-03T16:57:14", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.\n\nThese vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd\"]", "cvss3": {}, "published": "2021-02-03T16:00:00", "type": "cisco", "title": "Cisco Small Business RV Series Routers Management Interface Command Injection Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-1314", "CVE-2021-1315", "CVE-2021-1316", "CVE-2021-1317", "CVE-2021-1318"], "modified": "2021-02-03T16:00:00", "id": "CISCO-SA-RV-COMMAND-INJECT-BY4C5ZD", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd", "cvss": {"score": 7.2, "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, {"lastseen": "2023-12-03T16:57:18", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.\n\nThese vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj\"]", "cvss3": {}, "published": "2021-02-03T16:00:00", "type": "cisco", "title": "Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-1319", "CVE-2021-1320", "CVE-2021-1321", "CVE-2021-1322", "CVE-2021-1323", "CVE-2021-1324", "CVE-2021-1325", "CVE-2021-1326", "CVE-2021-1327", "CVE-2021-1328", "CVE-2021-1329", "CVE-2021-1330", "CVE-2021-1331", "CVE-2021-1332", "CVE-2021-1333", "CVE-2021-1334", "CVE-2021-1335", "CVE-2021-1336", "CVE-2021-1337", "CVE-2021-1338", "CVE-2021-1339", "CVE-2021-1340", "CVE-2021-1341", "CVE-2021-1342", "CVE-2021-1343", "CVE-2021-1344", "CVE-2021-1345", "CVE-2021-1346", "CVE-2021-1347", "CVE-2021-1348"], "modified": "2021-02-03T16:00:00", "id": "CISCO-SA-RV-OVERFLOW-GHZP68YJ", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj", "cvss": {"score": 7.2, "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "prion": [{"lastseen": "2023-11-22T00:30:37", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1318"], "modified": "2022-08-05T18:26:00", "id": "PRION:CVE-2021-1318", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1318", "cvss": {"score": 5.8, "vector": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:36", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1319"], "modified": "2021-02-05T18:11:00", "id": "PRION:CVE-2021-1319", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1319", "cvss": {"score": 5.8, "vector": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:35", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1295"], "modified": "2021-02-08T16:17:00", "id": "PRION:CVE-2021-1295", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1295", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:36", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1314"], "modified": "2022-08-05T18:27:00", "id": "PRION:CVE-2021-1314", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1314", "cvss": {"score": 5.8, "vector": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:34", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1293"], "modified": "2021-02-08T16:16:00", "id": "PRION:CVE-2021-1293", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1293", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:34", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Directory traversal", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1297"], "modified": "2022-08-05T18:27:00", "id": "PRION:CVE-2021-1297", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1297", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T00:30:35", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1294"], "modified": "2021-02-08T16:17:00", "id": "PRION:CVE-2021-1294", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1294", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:34", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Directory traversal", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1296"], "modified": "2022-08-05T18:27:00", "id": "PRION:CVE-2021-1296", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1296", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T00:30:33", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1290"], "modified": "2021-02-08T16:16:00", "id": "PRION:CVE-2021-1290", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1290", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:33", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1291"], "modified": "2021-02-08T16:16:00", "id": "PRION:CVE-2021-1291", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1291", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:40", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1348"], "modified": "2021-02-05T16:18:00", "id": "PRION:CVE-2021-1348", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1348", "cvss": {"score": 5.8, "vector": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:33", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1289"], "modified": "2021-02-08T16:15:00", "id": "PRION:CVE-2021-1289", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:30:33", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-04T17:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1292"], "modified": "2021-02-08T16:16:00", "id": "PRION:CVE-2021-1292", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-1292", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-03T14:24:07", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1318", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1318"], "modified": "2023-11-07T03:27:00", "cpe": ["cpe:/o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14"], "id": "CVE-2021-1318", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1318", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:23:59", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1296", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1296"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1296", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1296", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-03T14:24:15", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1314", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1314"], "modified": "2023-11-07T03:27:00", "cpe": ["cpe:/o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14"], "id": "CVE-2021-1314", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1314", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:24:13", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1319", "cwe": ["CWE-121"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1319"], "modified": "2023-11-07T03:27:00", "cpe": ["cpe:/o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14"], "id": "CVE-2021-1319", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1319", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:24:01", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1290", "cwe": ["CWE-472"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1290"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1290", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1290", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-03T14:24:20", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1348", "cwe": ["CWE-121"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1348"], "modified": "2023-11-07T03:28:00", "cpe": ["cpe:/o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14", "cpe:/o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11", "cpe:/o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14"], "id": "CVE-2021-1348", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1348", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:rv082_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv325_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv016_multi-wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042g_dual_gigabit_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv320_dual_gigabit_wan_vpn_router_firmware:1.5.1.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:rv042_dual_wan_vpn_router_firmware:4.2.3.14:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:24:01", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1293", "cwe": ["CWE-472"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1293"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1293", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1293", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-03T14:24:02", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1294", "cwe": ["CWE-472"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1294"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1294", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1294", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-03T14:24:03", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1291", "cwe": ["CWE-472"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1291"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1291", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1291", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-03T14:23:59", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1295", "cwe": ["CWE-472"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1295"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1295", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1295", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-03T14:24:04", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1297", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1297"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1297", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1297", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-03T14:23:58", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1289", "cwe": ["CWE-472"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1289"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1289", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1289", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-12-03T14:24:01", "description": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T17:15:00", "type": "cve", "title": "CVE-2021-1292", "cwe": ["CWE-472"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1292"], "modified": "2023-11-07T03:27:00", "cpe": [], "id": "CVE-2021-1292", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1292", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "zdi": [{"lastseen": "2023-12-03T20:25:47", "description": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. When parsing the Accept request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "zdi", "title": "Cisco Multiple Routers Accept Header Command Injection Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1290"], "modified": "2021-02-04T00:00:00", "id": "ZDI-21-131", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-131/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T20:25:44", "description": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "zdi", "title": "Cisco Multiple Routers Cookie Header Stack-based Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1293"], "modified": "2021-02-04T00:00:00", "id": "ZDI-21-136", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-136/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T20:25:46", "description": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of root.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-04T00:00:00", "type": "zdi", "title": "Cisco Multiple Routers RESTCONF file-upload Directory Traversal Arbitrary File Write Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1296"], "modified": "2021-02-04T00:00:00", "id": "ZDI-21-134", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-134/", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2023-12-03T20:25:44", "description": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. When parsing the filename parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "zdi", "title": "Cisco Multiple Routers RESTCONF file-upload Command Injection Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1294"], "modified": "2021-02-04T00:00:00", "id": "ZDI-21-137", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-137/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T20:25:50", "description": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. When parsing the Content-Type request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "zdi", "title": "Cisco Multiple Routers RESTCONF Content-Type Header Command Injection Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1291"], "modified": "2021-02-04T00:00:00", "id": "ZDI-21-132", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-132/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T20:25:44", "description": "This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of root.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-04T00:00:00", "type": "zdi", "title": "Cisco Multiple Routers DNIAPI Directory Traversal Arbitrary File Creation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1297"], "modified": "2021-02-04T00:00:00", "id": "ZDI-21-135", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-135/", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2023-12-03T20:25:48", "description": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. When parsing the Authorization header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "zdi", "title": "Cisco Multiple Routers Authorization Header Command Injection Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1289"], "modified": "2021-02-04T00:00:00", "id": "ZDI-21-130", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-130/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T20:25:45", "description": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. A crafted URL can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-04T00:00:00", "type": "zdi", "title": "Cisco Multiple Routers RESTCONF URL Command Injection Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1292"], "modified": "2021-02-04T00:00:00", "id": "ZDI-21-133", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-133/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

Description

Related