CVE-2021-1472 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1472
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Se presentan múltiples vulnerabilidades en la interfaz de administración basada en web de los enrutadores Cisco Small Business RV Series. Un atacante remoto podría ejecutar comandos arbitrarios u omitir la autenticación y cargar archivos en un dispositivo afectado. • http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html http://seclists.org/fulldisclosure/2021/Apr/39 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •
CVE-2021-1415 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1415
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-560 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-1414 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1414
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-559 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-1413 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1413
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-558 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-1251 – Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1251
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •