CVSS: 7.4EPSS: 0%CPEs: 44EXPL: 0CVE-2021-1308 – Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1308
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2021-1251 – Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1251
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3451 – Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3451
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Multiples vulnerabilidades en la interfaz de administración basada en web de Cisco Small Business RV340 Series Routers, podrían permitir a un atacante remoto autenticado con credenciales administrativas ejecutar comandos arbitrarios en el Sistema Operativo (SO) subyacente como un usuario restringido. Para más información sobre estas vulnerabilidades, consultar la sección Detalles de este aviso This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv https://www.zerodayinitiative.com/advisories/ZDI-20-1100 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3453 – Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3453
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Multiples vulnerabilidades en la interfaz de administración basada en web de Cisco Small Business RV340 Series Routers, podrían permitir a un atacante remoto autenticado con credenciales administrativas ejecutar comandos arbitrarios en el sistema operativo (SO) subyacente como un usuario restringido. Para más información sobre estas vulnerabilidades, consultar la sección Detalles de este aviso This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv https://www.zerodayinitiative.com/advisories/ZDI-20-1101 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •