Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1413

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Published

2021-04-08T04:15:13.063

Last Modified

2024-11-21T05:44:17.840

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-502
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco rv340_firmware < 1.0.0.3.21 Yes
Hardware cisco rv340 - No
Operating System cisco rv340w_firmware < 1.0.03.21 Yes
Hardware cisco rv340w - No
Operating System cisco rv345_firmware < 1.0.03.21 Yes
Hardware cisco rv345 - No
Operating System cisco rv345p_firmware < 1.0.03.21 Yes
Hardware cisco rv345p - No
References