CVE-2021-1610 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1610
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web de los routers Cisco Small Business versiones RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN podrían permitir a un atacante hacer lo siguiente: Ejecutar código arbitrario Causar una condición de denegación de servicio (DoS) Ejecutar comandos arbitrarios Para mayor información sobre estas vulnerabilidades, véase la sección Details de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy • CWE-121: Stack-based Buffer Overflow •
CVE-2021-1609 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1609
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web de los routers Cisco Small Business versiones RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN podrían permitir a un atacante hacer lo siguiente: Ejecutar código arbitrario Causar una condición de denegación de servicio (DoS) Ejecutar comandos arbitrarios Para mayor información sobre estas vulnerabilidades, véase la sección Details de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy • CWE-121: Stack-based Buffer Overflow •
CVE-2017-6620
https://notcve.org/view.php?id=CVE-2017-6620
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. • http://www.securityfocus.com/bid/98289 http://www.securitytracker.com/id/1038395 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •