Česky   English

Multiple vulnerabilities in Cisco Small Business RV110W, RV130, RV130W and RV215W Routers



Published: 2021-01-19
Risk Low
Patch available NO
Number of vulnerabilities 69
CVE ID CVE-2021-1159
CVE-2021-1205
CVE-2021-1193
CVE-2021-1194
CVE-2021-1195
CVE-2021-1196
CVE-2021-1197
CVE-2021-1198
CVE-2021-1199
CVE-2021-1200
CVE-2021-1201
CVE-2021-1202
CVE-2021-1203
CVE-2021-1204
CVE-2021-1206
CVE-2021-1191
CVE-2021-1207
CVE-2021-1208
CVE-2021-1209
CVE-2021-1210
CVE-2021-1211
CVE-2021-1212
CVE-2021-1213
CVE-2021-1214
CVE-2021-1215
CVE-2021-1216
CVE-2021-1217
CVE-2021-1307
CVE-2021-1360
CVE-2021-1192
CVE-2021-1190
CVE-2021-1160
CVE-2021-1174
CVE-2021-1161
CVE-2021-1162
CVE-2021-1163
CVE-2021-1164
CVE-2021-1165
CVE-2021-1166
CVE-2021-1167
CVE-2021-1168
CVE-2021-1169
CVE-2021-1170
CVE-2021-1171
CVE-2021-1172
CVE-2021-1173
CVE-2021-1175
CVE-2021-1189
CVE-2021-1176
CVE-2021-1177
CVE-2021-1178
CVE-2021-1179
CVE-2021-1180
CVE-2021-1181
CVE-2021-1182
CVE-2021-1183
CVE-2021-1184
CVE-2021-1185
CVE-2021-1186
CVE-2021-1187
CVE-2021-1188
CVE-2021-1158
CVE-2021-1157
CVE-2021-1156
CVE-2021-1155
CVE-2021-1154
CVE-2021-1153
CVE-2021-1152
CVE-2021-1151
CWE ID CWE-121
CWE-79
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		RV110W Wireless-N VPN Firewall
Hardware solutions / Security hardware applicances

RV130 VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

RV130W Wireless-N Multifunction VPN Router
Hardware solutions / Office equipment, IP-phones, print servers

RV215W Wireless-N VPN Router
Hardware solutions / Office equipment, IP-phones, print servers

Vendor Cisco Systems, Inc

Security Advisory

1) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1159

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1205

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1193

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1194

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1195

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1196

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1197

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1198

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1199

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1200

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1201

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1202

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1203

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1204

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1206

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1191

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1207

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1208

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1209

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1210

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1211

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1212

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1213

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1214

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1215

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1216

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1217

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1307

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1360

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1192

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1190

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1160

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1174

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1161

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1162

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1163

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1164

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1165

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1166

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.8 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1167

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

41) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1168

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1169

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1170

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1171

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1172

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1173

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1175

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1189

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1176

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1177

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1178

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1179

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1180

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1181

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1182

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1183

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1184

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1185

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1186

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1187

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.6 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1188

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Stored cross-site scripting

Risk: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1158

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Stored cross-site scripting

Risk: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1157

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Stored cross-site scripting

Risk: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1156

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Stored cross-site scripting

Risk: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1155

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Stored cross-site scripting

Risk: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1154

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Stored cross-site scripting

Risk: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1153

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Stored cross-site scripting

Risk: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1152

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Stored cross-site scripting

Risk: Low

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C] [PCI]

CVE-ID: CVE-2021-1151

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the web-based management interface. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RV110W Wireless-N VPN Firewall: 1.2.2.8, 1.3.1.7

RV130W Wireless-N Multifunction VPN Router: 1.2.2.8, 1.3.1.7

RV215W Wireless-N VPN Router: 1.2.2.8, 1.3.1.7

RV130 VPN Router: 1.2.2.8, 1.3.1.7

CPE External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###