CVE-2021-1602
Published 2021-08-04
Priority P267 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.03% (78.7th percentile)
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_rv_series_router_firmware | — | — |
| cisco | small_business_rv160_and_rv260_series_vpn_routers | — | — |
| cisco | small_business_rv_series_router_firmware | < 1.0.01.04 | 1.0.01.04 |
Detection & IOCs (extracted from sources)
- Exploit vector is a crafted HTTP request to the web-based management interface of affected Cisco Small Business RV160/RV260 series routers, sent by an unauthenticated remote attacker.
- Successful exploitation results in OS command execution at root-level privileges; monitor for unexpected root-level process spawning from the web management process on affected devices.
- Commands executed via this vulnerability are constrained to those without parameters; detection logic should look for anomalous no-argument command execution originating from the web management interface process.
- Affected devices are Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers only; scope detection rules accordingly.
- No workarounds are available; patching is the only mitigation. Ensure detection/monitoring remains active until devices are updated.
- Vulnerability is classified as CWE-78 (OS Command Injection) with CVSS 3.1; input validation on the web management interface is the root cause.
CVSS provenance
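| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 8.2 | HIGH | — |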
GHSA
GHSA-cp25-9m7h-7j49 · ghsa_unreviewed · 2022-05-24
CVE-2021-1602 [CRITICAL] CWE-20
Cisco
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
vendor_cisco · 2021-08-04 · CVSS 8.2
CVE-2021-1602 [HIGH] CWE-78
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.
Cisco has released software updates that
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.