9.8

CVE-2021-1472

Exploit

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoRv160 Firmware Version < 1.0.01.03
   CiscoRv160 Version-
CiscoRv160w Firmware Version < 1.0.01.03
   CiscoRv160w Version-
CiscoRv260 Firmware Version < 1.0.01.03
   CiscoRv260 Version-
CiscoRv260p Firmware Version < 1.0.01.03
   CiscoRv260p Version-
CiscoRv260w Firmware Version < 1.0.01.03
   CiscoRv260w Version-
CiscoRv340 Firmware Version < 1.0.03.21
   CiscoRv340 Version-
CiscoRv340w Firmware Version < 1.0.03.21
   CiscoRv340w Version-
CiscoRv345 Firmware Version < 1.0.03.21
   CiscoRv345 Version-
CiscoRv345p Firmware Version < 1.0.03.21
   CiscoRv345p Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 88.2% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
psirt@cisco.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://seclists.org/fulldisclosure/2021/Apr/39
Third Party Advisory
Mailing List