CVE-2021-34730: Stack-based Buffer Overflow in Cisco Small Business RV Series Router Firmware

Severity: 9.8 CRITICAL (NVD)
EPSS: 37.3% (top 2.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 18; Latest update May 24

Description

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful explo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

🔴 Vulnerability Details (3)

GHSA: GHSA-9c26-qcv5-q5qj: A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthe (2022-05-24)
CVEList: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability (2021-08-18)
VulnCheck: Cisco application_extension_platform Stack-based Buffer Overflow (2021)

📋 Vendor Advisories (1)

Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability (2021-08-18)