CVE-2021-1287
Published Mar 18, 2021
Last updated a year ago
Overview
- Description
- A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- ykramarz@cisco.com
- CWE-121
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv132w_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BCC5C17-9EE8-47D8-BE56-DC24A335739F",
"versionEndExcluding": "1.0.1.15"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8511C48D-9EA6-4521-988C-61E1035BEFA1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv134w_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2C27566-67D8-458B-B226-3A6383E56B18",
"versionEndExcluding": "1.0.1.21"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "39710CC4-1891-4E4B-AF65-AC2577CC8FFC"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]