cbcvebase.
CVE-2021-1609
published 2021-08-04

CVE-2021-1609: Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could…

PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
9.69%
94.9th percentile
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscocisco_small_business_rv_series_router_firmware
ciscorv340_rv340w_rv345_and_rv345p_dual_wan_gigabit_vpn_routers_web_management
ciscosmall_business_rv_series_router_firmware< 1.0.03.221.0.03.22

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2021-1609 is exploitable via a specially crafted HTTP request to the web management interface; detect anomalous/malformed HTTP requests targeting Cisco RV340/RV340W/RV345/RV345P web management ports
  • The vulnerability stems from improper validation of HTTP requests (CWE-121 stack-based buffer overflow, CWE-149 improper neutralization); monitor web management interface traffic on affected Cisco Small Business VPN routers for unexpected or oversized HTTP request payloads
  • ·CVE-2021-1609 (RCE/DoS, CVSSv3 9.8) and CVE-2021-1610 (command injection, CVSSv3 7.2) are distinct vulnerabilities that can be exploited independently; some firmware versions may only be affected by one of the two
  • ·Affected devices are RV340, RV340W, RV345, and RV345P only; RV160, RV160W, RV260, RV260P, and RV260W are NOT vulnerable
  • ·Firmware version 1.0.03.22 and later fixes these vulnerabilities; devices running earlier firmware are vulnerable
  • ·CWE classifications for CVE-2021-1609 are CWE-121 (Stack-based Buffer Overflow) and CWE-149 (Improper Neutralization of Quoting Syntax), per the official Cisco advisory

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.