Command Injection in Cisco Systems, Inc products - CVE-2021-1318
Published: February 4, 2021
Vulnerability identifier: #VU50332
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1318
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco RV016 Multi-WAN VPN Router
Cisco RV042 Dual WAN VPN Router
Cisco RV042G Dual Gigabit WAN VPN Router
Cisco RV082 Dual WAN VPN Router
Small Business RV320 Dual Gigabit WAN VPN Router
Small Business RV325 Dual Gigabit WAN VPN Router
Cisco RV016 Multi-WAN VPN Router
Cisco RV042 Dual WAN VPN Router
Cisco RV042G Dual Gigabit WAN VPN Router
Cisco RV082 Dual WAN VPN Router
Small Business RV320 Dual Gigabit WAN VPN Router
Small Business RV325 Dual Gigabit WAN VPN Router
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can send a specially crafted HTTP request and execute arbitrary commands on the target system.
How to mitigate CVE-2021-1318
Install updates from vendor's website.