CVE-2021-1602 — OS Command Injection in Cisco Small Business RV Series Router Firmware

CWE-78 — OS Command Injection CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICALNVD

CNA8.2

EPSS

1.6%

top 18.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Small Business RV Series Router Firmware Cisco Small Business RV Series Router Firmware

Timeline

PublishedAug 4

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execut…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/small_business_rv_series_router_firmware< 1.0.01.04

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

🔴Vulnerability Details

GHSA

GHSA-cp25-9m7h-7j49: A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unau↗2022-05-24

▶

CVEList

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability↗2021-08-04

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability↗2021-08-04

▶