CVE-2021-1610
published 2021-08-04CVE-2021-1610: Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
9.06%
94.6th percentile
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_rv_series_router_firmware | — | — |
| cisco | rv340_rv340w_rv345_and_rv345p_dual_wan_gigabit_vpn_routers_web_management | — | — |
| cisco | small_business_rv_series_router_firmware | < 1.0.03.22 | 1.0.03.22 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability exists due to improper validation of HTTP requests sent to the web-based management interface; monitor for anomalous or malformed HTTP requests targeting the management interface of affected Cisco RV340/RV345 series routers. ↗
- →Affected devices: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. Track firmware versions below 1.0.03.22 as unpatched and vulnerable. ↗
- →Cisco Bug IDs CSCvy15286 and CSCvy15342 are associated with CVE-2021-1610; use these identifiers when querying Cisco PSIRT or internal ticketing systems. ↗
- ·CVE-2021-1609 and CVE-2021-1610 can be exploited independently; some firmware versions may only be affected by one of the two vulnerabilities. ↗
- ·No public proof-of-concept exploit was available at the time of the Tenable blog publication; exploitation risk may be lower than for CVE-2021-1609 (CVSS 9.8) but should still be treated urgently given historical targeting of Cisco Small Business routers. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
vendor_cisco·2021-08-04·CVSS 9.8
CVE-2021-1609 [CRITICAL] CWE-121 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following:
Execute arbitrary code
Cause a denial of service (DoS) condition
Execute arbitrary commands
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy
Cisco
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-1610 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
CVE-2021-1610: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-121, CWE-149, CWE-121, CWE-149
Bug IDs: CSCvy15286, CSCvy15342, CSCvy15286, CSCvy15342
GHSA
GHSA-phrf-jr8w-rqw5: Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Route
ghsa_unreviewed·2022-05-24
CVE-2021-1610 [HIGH] GHSA-phrf-jr8w-rqw5: Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Route
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory.
No detection rules found.
No public exploits indexed.
Checkpoint
09th August – Threat Intelligence Report
blogs_checkpoint·2021-08-09·CVSS 9.8
CVE-2021-20090 [CRITICAL] 09th August – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 09th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th August, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Four critical infrastructures organizations in South East Asia have been the target the of a cyberespionage campaign by alleged Chinese threat actors for several months, aiming at exploiting information from the victims’ SCADA systems. The targeted sectors included power, water, defense, and communications companies.
The Au
Tenable
CVE-2021-1609: Critical Remote Code Execution Vulnerability in Cisco Small Business VPN Routers
blogs_tenable·2021-08-05·CVSS 9.8
[CRITICAL] CVE-2021-1609: Critical Remote Code Execution Vulnerability in Cisco Small Business VPN Routers
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
2021-08-04
Published