CVE-2021-1333 — Stack-based Buffer Overflow in Cisco Rv016 Multi-wan VPN Router Firmware
Severity
7.2HIGHNVD
GHSA5.9GHSA5.3
EPSS
0.4%
top 37.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
Latest updateFeb 12
Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful ex…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9
Affected Packages7 packages
🔴Vulnerability Details
40📋Vendor Advisories
9Microsoft▶
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions because of a regular expression denial of service (ReDoS) flaw in the LDAP schem↗2022-06-14
Microsoft▶
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1 3.1.2 3.0.2 and 2.0.1.↗2022-01-11
GitLab▶
CVE-2021-39940: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, a↗2021-12-13
GitLab▶
CVE-2021-39933: An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4,↗2021-12-13