CVE-2021-1321

CWE-121Stack-based Buffer OverflowCWE-1321Prototype PollutionCWE-915CWE-74CWE-84354 documents6 sources
Severity
7.2HIGH
EPSS
0.4%
top 37.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Cisco Rv016 Multi-wan VPN Router FirmwareCisco Rv042 Dual WAN VPN Router FirmwareCisco Rv042g Dual Gigabit WAN VPN Router Firmware+4 more
Timeline
PublishedFeb 4
Latest updateSep 27

Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful ex

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages7 packages

🔴Vulnerability Details

49
GHSA
algoliasearch-helper is vulnerable to Prototype Pollution in _merge()2025-09-27
GHSA
MrSwitch hello.js vulnerable to prototype pollution2023-08-11
GHSA
Baobab vulnerable to Prototype Pollution2023-01-07
GHSA
tree-kit vulnerable to Prototype Pollution2022-12-25
GHSA
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability2022-12-25

📋Vendor Advisories

4
Red Hat
algoliasearch-helper: algoliasearch-helper prototype pollution2025-09-27
Red Hat
async: Prototype Pollution in async2022-04-07
Red Hat
set-getter: prototype pollution in ‘set-getter may lead to DoS2021-06-10
Cisco
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities2021-02-03
CVE-2021-1321 (HIGH CVSS 7.2) | Multiple vulnerabilities in the web | cvebase.io