CVE-2021-1472

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/13/2021 05:54:00 PM UTC

CVE-2021-1472 - advisory for cisco-sa-sb-rv-bypass-inject-Rbhgvfdx

Source: Mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Certain versions of Rv160 from Cisco contain the following vulnerability:

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1472 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
  • Affected Vendor/Software: Cisco - Cisco Small Business RV Series Router Firmware version n/a

CVSS3 Score: 9.8 - CRITICAL

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS2 Score: 7.5 - HIGH

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

CVE References

| Description | Tags | Link |
|---|---|---|
| Cisco Small Business RV Series Routers Vulnerabilities (tools.cisco.com, text/html) | | CISCO 20210407 Cisco Small Business RV Series Routers Vulnerabilities |

Known Affected Configurations (CPE V2.3)

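| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Rv160 | - | All | All | All |
| Hardware | Cisco | Rv160w | - | All | All | All |
| Operating System | Cisco | Rv160w Firmware | All | All | All | All |
| Operating System | Cisco | Rv160 Firmware | All | All | All | All |
| Hardware | Cisco | Rv260 | - | All | All | All |
| Hardware | Cisco | Rv260p | - | All | All | All |
| Operating System | Cisco | Rv260p Firmware | All | All | All | All |
| Hardware | Cisco | Rv260w | - | All | All | All |
| Operating System | Cisco | Rv260w Firmware | All | All | All | All |
| Operating System | Cisco | Rv260 Firmware | All | All | All | All |
| Hardware | Cisco | Rv340 | - | All | All | All |
| Hardware | Cisco | Rv340w | - | All | All | All |
| Operating System | Cisco | Rv340w Firmware | All | All | All | All |
| Operating System | Cisco | Rv340 Firmware | All | All | All | All |
| Hardware | Cisco | Rv345 | - | All | All | All |
| Hardware | Cisco | Rv345p | - | All | All | All |
| Operating System | Cisco | Rv345p Firmware | All | All | All | All |
| Operating System | Cisco | Rv345 Firmware | All | All | All | All |
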
  • cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*

Social Mentions

| Source | Title | Posted (UTC) |
|---|---|---|
| Twitter @CVEreport | CVE-2021-1472 : Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Ser… twitter.com/i/web/status/1… | 2021-04-08 04:22:26 |
| Twitter @ioti_rl | Advisory: Authentication bypass and RCE in Cisco RV34X series routers (CVE-2021-1472 and CVE-2021-1473) iot-inspector.com/blog/advisory-… | 2021-04-13 11:43:59 |
| Twitter @patrowl_io | Cisco RV34X Series – Auth Bypass and RCE iot-inspector.com/blog/advisory-… CVE-2021-1472/3 by @IoTInspector More on Patrowl.io/products/hears | 2021-04-13 12:06:11 |
| Twitter @autumn_good_35 | A combination of authentication bypass and OS command injection. CVE-2021-1472, CVE-2021-1473 Advisory: Cisco RV34X Series - Authentication Bypass and R… twitter.com/i/web/status/1… | 2021-04-14 14:25:24 |