CVE-2021-1290
Published: 2021-02-04
Priority: P272 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.24% (89.8th percentile)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_rv_series_router_firmware | — | — |
| cisco | rv160_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv160w_wireless-ac_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260p_vpn_router_with_poe_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260w_wireless-ac_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | small_business_rv160_rv160w_rv260_rv260p_and_rv260w_vpn_routers | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector targets the web-based management interface via crafted HTTP requests; monitor for anomalous or malformed HTTP requests to the management interface of Cisco RV160/RV160W/RV260/RV260P/RV260W devices.
- Exploitation is unauthenticated and remote, with no credentials required; alert on any RCE-indicative activity (e.g., unexpected root-level process spawning) originating from the management interface of affected devices.
- Root cause is improper validation of HTTP requests (CWE-472); inspect HTTP request handling on the management plane for unexpected parameter manipulation or external variable influence.
- Affected devices: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers. Restrict management interface access to trusted hosts only and apply Cisco-released software updates.
- Multiple Cisco bug IDs are associated with this CVE (CSCvw13908, CSCvw13917, CSCvw19718), indicating several distinct vulnerable code paths exist within the same management interface.
CVSS provenance
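| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | | 9.8 | CRITICAL | |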
Cisco
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
vendor_cisco·2021-02-03·CVSS 9.8
CVE-2021-1289 [CRITICAL] CWE-472 Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these
Cisco
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-1290 Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
CVSS: 3.1
CWE: CW
GHSA
GHSA-8vm8-c58w-96hq: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allo
ghsa_unreviewed·2022-05-24
CVE-2021-1290 [CRITICAL] CWE-472 GHSA-8vm8-c58w-96hq: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allo
No detection rules found.
No public exploits indexed.
Published: 2021-02-04