⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-1473

CWE-119Buffer OverflowCWE-78OS Command InjectionCWE-284Improper Access Control6 documents6 sources
Severity
9.8CRITICAL
EPSS
90.8%
top 0.37%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Cisco Rv340 FirmwareCisco Rv340w FirmwareCisco Rv345 Firmware+2 more
Timeline
PublishedApr 8
Latest updateMay 24

Description

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

NVDcisco/rv340_firmware< 1.0.03.21
NVDcisco/rv345_firmware< 1.0.03.21
NVDcisco/rv340w_firmware< 1.0.03.21
NVDcisco/rv345p_firmware< 1.0.03.21

🔴Vulnerability Details

3
GHSA
GHSA-gvf7-w4c7-rvrg: Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers2022-05-24
CVEList
Cisco Small Business RV Series Routers Vulnerabilities2021-04-08
VulnCheck
Cisco RV Series Routers Improper Restriction of Operations within the Bounds of a Memory Buffer2021

💥Exploits & PoCs

1
Metasploit
Cisco Small Business RV Series Authentication Bypass and Command Injection

📋Vendor Advisories

1
Cisco
Cisco Small Business RV Series Routers Vulnerabilities2021-04-07
CVE-2021-1473 (CRITICAL CVSS 9.8) | Multiple vulnerabilities exist in t | cvebase.io