CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1520 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1520
A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an internal messaging service does not properly sanitize input. An attacker could exploit this vulnerability by first authenticating to the device and then sending a crafted request to the internal service. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying OS. To exploit this vulnerability, the attacker must have valid Administrator credentials for the device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-34x-privesc-GLN8ZAQE • CWE-123: Write-what-where Condition •
CVSS: 9.8EPSS: 72%CPEs: 8EXPL: 1CVE-2021-1473 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1473
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Se presentan múltiples vulnerabilidades en la interfaz de administración basada en web de los enrutadores Cisco Small Business RV Series. Un atacante remoto podría ejecutar comandos arbitrarios u omitir la autenticación y cargar archivos en un dispositivo afectado. • http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html http://seclists.org/fulldisclosure/2021/Apr/39 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 96%CPEs: 18EXPL: 1CVE-2021-1472 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1472
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Se presentan múltiples vulnerabilidades en la interfaz de administración basada en web de los enrutadores Cisco Small Business RV Series. Un atacante remoto podría ejecutar comandos arbitrarios u omitir la autenticación y cargar archivos en un dispositivo afectado. • http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html http://seclists.org/fulldisclosure/2021/Apr/39 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1415 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1415
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-560 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1414 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1414
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-559 • CWE-502: Deserialization of Untrusted Data •