Multiple vulnerabilities in Cisco Small Business RV Series Routers



Published: 2021-02-04
Risk Low
Patch available YES
Number of vulnerabilities 35
CVE-ID CVE-2021-1319
CVE-2021-1335
CVE-2021-1348
CVE-2021-1347
CVE-2021-1346
CVE-2021-1345
CVE-2021-1344
CVE-2021-1343
CVE-2021-1342
CVE-2021-1341
CVE-2021-1340
CVE-2021-1339
CVE-2021-1338
CVE-2021-1337
CVE-2021-1336
CVE-2021-1334
CVE-2021-1320
CVE-2021-1333
CVE-2021-1332
CVE-2021-1331
CVE-2021-1330
CVE-2021-1329
CVE-2021-1328
CVE-2021-1327
CVE-2021-1326
CVE-2021-1325
CVE-2021-1324
CVE-2021-1323
CVE-2021-1322
CVE-2021-1321
CVE-2021-1318
CVE-2021-1317
CVE-2021-1316
CVE-2021-1315
CVE-2021-1314
CWE-ID CWE-121
CWE-77
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Cisco RV016 Multi-WAN VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco RV042 Dual WAN VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco RV042G Dual Gigabit WAN VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Cisco RV082 Dual WAN VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Small Business RV320 Dual Gigabit WAN VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Small Business RV325 Dual Gigabit WAN VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 35 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU50333

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1319

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU50349

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1335

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU50363

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1348

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU50361

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1347

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU50360

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1346

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU50359

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1345

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stack-based buffer overflow

EUVDB-ID: #VU50358

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1344

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stack-based buffer overflow

EUVDB-ID: #VU50357

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1343

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stack-based buffer overflow

EUVDB-ID: #VU50356

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1342

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stack-based buffer overflow

EUVDB-ID: #VU50355

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1341

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Stack-based buffer overflow

EUVDB-ID: #VU50354

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1340

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Stack-based buffer overflow

EUVDB-ID: #VU50353

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1339

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Stack-based buffer overflow

EUVDB-ID: #VU50352

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1338

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Stack-based buffer overflow

EUVDB-ID: #VU50351

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1337

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Stack-based buffer overflow

EUVDB-ID: #VU50350

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1336

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Stack-based buffer overflow

EUVDB-ID: #VU50348

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1334

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Stack-based buffer overflow

EUVDB-ID: #VU50334

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1320

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Stack-based buffer overflow

EUVDB-ID: #VU50347

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1333

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Stack-based buffer overflow

EUVDB-ID: #VU50346

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1332

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Stack-based buffer overflow

EUVDB-ID: #VU50345

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1331

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Stack-based buffer overflow

EUVDB-ID: #VU50344

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1330

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Stack-based buffer overflow

EUVDB-ID: #VU50343

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1329

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Stack-based buffer overflow

EUVDB-ID: #VU50342

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1328

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Stack-based buffer overflow

EUVDB-ID: #VU50341

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1327

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Stack-based buffer overflow

EUVDB-ID: #VU50340

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1326

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Stack-based buffer overflow

EUVDB-ID: #VU50339

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1325

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Stack-based buffer overflow

EUVDB-ID: #VU50338

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1324

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Stack-based buffer overflow

EUVDB-ID: #VU50337

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1323

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Stack-based buffer overflow

EUVDB-ID: #VU50336

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1322

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Stack-based buffer overflow

EUVDB-ID: #VU50335

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1321

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can send specially crafted HTTP requests, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Command Injection

EUVDB-ID: #VU50332

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1318

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Command Injection

EUVDB-ID: #VU50331

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1317

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Command Injection

EUVDB-ID: #VU50330

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1316

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Command Injection

EUVDB-ID: #VU50328

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1315

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Command Injection

EUVDB-ID: #VU50327

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1314

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco RV016 Multi-WAN VPN Router: 4.2.3.14

Cisco RV042 Dual WAN VPN Router: 4.2.3.14

Cisco RV042G Dual Gigabit WAN VPN Router: 4.2.3.14

Cisco RV082 Dual WAN VPN Router: 4.2.3.14

Small Business RV320 Dual Gigabit WAN VPN Router: 1.5.1.11

Small Business RV325 Dual Gigabit WAN VPN Router: 1.5.1.11

CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###