CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1413 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1413
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-558 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 44EXPL: 0CVE-2021-1309 – Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1309
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.4EPSS: 0%CPEs: 44EXPL: 0CVE-2021-1308 – Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1308
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2021-1251 – Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1251
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3451 – Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3451
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Multiples vulnerabilidades en la interfaz de administración basada en web de Cisco Small Business RV340 Series Routers, podrían permitir a un atacante remoto autenticado con credenciales administrativas ejecutar comandos arbitrarios en el Sistema Operativo (SO) subyacente como un usuario restringido. Para más información sobre estas vulnerabilidades, consultar la sección Detalles de este aviso This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv https://www.zerodayinitiative.com/advisories/ZDI-20-1100 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •