CVE-2021-1251

CWE-119Buffer OverflowCWE-401Memory LeakCWE-130CWE-400Uncontrolled Resource ConsumptionCWE-20Improper Input Validation6 documents6 sources
Severity
7.4HIGH
EPSS
0.1%
top 73.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Cisco Cisco Small Business RV Series Router FirmwareCisco Rv132w FirmwareCisco Rv134w Firmware+9 more
Timeline
PublishedApr 8
Latest updateMay 24

Description

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages12 packages

NVDcisco/rv160_firmware1.0.1.14, 1.0.3.20+1
NVDcisco/rv260_firmware1.0.1.14, 1.0.3.20+1
NVDcisco/rv340_firmware1.0.1.14, 1.0.3.20+1
NVDcisco/rv345_firmware1.0.1.14, 1.0.3.20+1

🔴Vulnerability Details

2
GHSA
GHSA-8jq9-v6q2-frcj: Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers2022-05-24
CVEList
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities2021-04-08

📋Vendor Advisories

1
Cisco
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities2021-04-07

🕵️Threat Intelligence

1
Talos
Vulnerability Spotlight: Code execution vulnerability in Google Web Audio API2021-06-08
CVE-2021-1251 (HIGH CVSS 7.4) | Multiple vulnerabilities exist in t | cvebase.io