Risk | Low |
Patch available | YES |
Number of vulnerabilities | 35 |
CVE-ID | CVE-2021-1319 CVE-2021-1335 CVE-2021-1348 CVE-2021-1347 CVE-2021-1346 CVE-2021-1345 CVE-2021-1344 CVE-2021-1343 CVE-2021-1342 CVE-2021-1341 CVE-2021-1340 CVE-2021-1339 CVE-2021-1338 CVE-2021-1337 CVE-2021-1336 CVE-2021-1334 CVE-2021-1320 CVE-2021-1333 CVE-2021-1332 CVE-2021-1331 CVE-2021-1330 CVE-2021-1329 CVE-2021-1328 CVE-2021-1327 CVE-2021-1326 CVE-2021-1325 CVE-2021-1324 CVE-2021-1323 CVE-2021-1322 CVE-2021-1321 CVE-2021-1318 CVE-2021-1317 CVE-2021-1316 CVE-2021-1315 CVE-2021-1314 |
CWE-ID | CWE-121 CWE-77 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco RV016 Multi-WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco RV042 Dual WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco RV042G Dual Gigabit WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco RV082 Dual WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc Small Business RV320 Dual Gigabit WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc Small Business RV325 Dual Gigabit WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 35 vulnerabilities.
EUVDB-ID: #VU50333
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1319
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50349
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1335
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50363
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1348
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50361
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1347
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50360
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1346
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50359
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1345
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50358
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1344
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50357
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1343
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50356
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1342
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50355
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1341
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50354
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1340
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50353
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1339
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50352
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1338
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50351
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1337
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50350
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1336
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50348
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1334
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50334
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1320
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50347
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1333
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50346
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1332
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50345
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1331
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50344
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1330
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50343
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1329
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50342
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1328
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50341
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1327
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50340
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1326
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50339
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1325
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50338
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1324
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50337
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1323
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50336
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1322
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50335
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1321
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50332
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1318
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50331
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1317
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50330
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1316
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50328
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1315
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50327
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1314
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco RV016 Multi-WAN VPN Router: 4.2.3.14
Cisco RV042 Dual WAN VPN Router: 4.2.3.14
Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14
Cisco RV082 Dual WAN VPN Router: 4.2.3.14
Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11
Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.