CVE-2021-1472

Published Apr 8, 2021

Last updated a year ago

CVSS critical 9.8

Overview

Description: Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287
ykramarz@cisco.com: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA1708A1-3D6B-4257-B32B-25A595EAB3B4",
            "versionEndExcluding": "1.0.01.03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv160w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22C0BE4B-1145-4497-8E4D-8901281C4A4B",
            "versionEndExcluding": "1.0.01.03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B7E3792-5D0F-4CCC-874D-512059CA8E12"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv260_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "297BBB67-862F-4640-89A1-247B6BC51F37",
            "versionEndExcluding": "1.0.01.03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6FFC99C1-954E-408B-8A08-C79941350F05"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv260p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7158A7E3-1C93-46FA-B5BC-47A3049F0641",
            "versionEndExcluding": "1.0.01.03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A62A6E2F-FA43-4F40-A684-651FEDAC2114"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv260w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2B47064-2877-44C8-BC28-F1678A5F9566",
            "versionEndExcluding": "1.0.01.03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95737F9F-1779-4AAB-875E-2CD586A8B780"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB20DECC-5D66-4E87-8E19-AFCE0EC2538B",
            "versionEndExcluding": "1.0.03.21"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1D3E083-7BC2-485B-82CD-CE3DE176A047",
            "versionEndExcluding": "1.0.03.21"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "504FBEF9-DCC1-4EE2-9F04-14E38141A03C",
            "versionEndExcluding": "1.0.03.21"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E91E68B-CBE9-462E-82D4-6F588B8E84E8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C7C3346-DD1A-41CC-BB4D-F42CCE75A928",
            "versionEndExcluding": "1.0.03.21"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5120BAB7-FB3A-481E-9ECD-48341846AFBD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References