CVE-2021-1610 — Stack-based Buffer Overflow in Cisco Small Business RV Series Router Firmware

CWE-121 — Stack-based Buffer Overflow CWE-149 — Improper Neutralization of Quoting Syntax4 documents4 sources

Severity

8.8HIGHNVD

CNA9.8

EPSS

0.7%

top 28.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Small Business RV Series Router Firmware Cisco Small Business RV Series Router Firmware

Timeline

PublishedAug 4

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/small_business_rv_series_router_firmware< 1.0.03.22

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

🔴Vulnerability Details

GHSA

GHSA-phrf-jr8w-rqw5: Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Route↗2022-05-24

▶

CVEList

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities↗2021-08-04

▶

📋Vendor Advisories

Cisco

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities↗2021-08-04

▶