CVE-2021-1609 — Stack-based Buffer Overflow in Cisco Small Business RV Series Router Firmware

CWE-121 — Stack-based Buffer Overflow CWE-149 — Improper Neutralization of Quoting Syntax5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Small Business RV Series Router Firmware Cisco Small Business RV Series Router Firmware

Timeline

PublishedAug 4

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/small_business_rv_series_router_firmware< 1.0.03.22

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

🔴Vulnerability Details

GHSA

GHSA-3mfr-q2cq-gc94: Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Route↗2022-05-24

▶

CVEList

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities↗2021-08-04

▶

📋Vendor Advisories

Cisco

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities↗2021-08-04

▶