CVE-2021-1415

CWE-502Deserialization of Untrusted Data5 documents5 sources
Severity
6.3MEDIUM
EPSS
1.2%
top 21.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Rv340 FirmwareCisco Rv340w FirmwareCisco Rv345 Firmware+2 more
Timeline
PublishedApr 8
Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages5 packages

NVDcisco/rv340w_firmware< 1.0.03.21
NVDcisco/rv345p_firmware< 1.0.03.21
NVDcisco/rv340_firmware< 1.0.03.21
NVDcisco/rv345_firmware< 1.0.03.21

🔴Vulnerability Details

2
GHSA
GHSA-5cqf-749j-9hmh: Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an a2022-05-24
CVEList
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities2021-04-08

📋Vendor Advisories

1
Cisco
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities2021-04-07

🕵️Threat Intelligence

1
Talos
Vulnerability Spotlight: Vulnerabilities in Gerbv could lead to code execution, information disclosure2022-02-24
CVE-2021-1415 (MEDIUM CVSS 6.3) | Multiple vulnerabilities in the web | cvebase.io