Details of VAR-202104-0890

ID

VAR-202104-0890

CVE

CVE-2021-1459

TITLE

Cisco To Small Business RV110W RV130W RV215W Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-451

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. Cisco has not released software updates that address this vulnerability

Trust: 0.99

sources: NVD: CVE-2021-1459 // VULMON: CVE-2021-1459

AFFECTED PRODUCTS

vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.55	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.55	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.55	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.55	Trust: 1.0

sources: NVD: CVE-2021-1459

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1459
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1459
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202104-451
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-1459
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1459
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2021-1459
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULMON: CVE-2021-1459 // CNNVD: CNNVD-202104-451 // NVD: CVE-2021-1459 // NVD: CVE-2021-1459

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2021-1459

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-451

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202104-451

PATCH

title:	Cisco Small Business RV110W, RV130, RV130W, and RV215W Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147032	Trust: 0.6
title:	Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-rce-q3rxHnvm	Trust: 0.1

sources: VULMON: CVE-2021-1459 // CNNVD: CNNVD-202104-451

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1459	Trust: 1.7
db:	AUSCERT	id:	ESB-2021.1165	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-451	Trust: 0.6
db:	VULMON	id:	CVE-2021-1459	Trust: 0.1

sources: VULMON: CVE-2021-1459 // CNNVD: CNNVD-202104-451 // NVD: CVE-2021-1459

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-rce-q3rxhnvm	Trust: 1.8
url:	https://www.auscert.org.au/bulletins/esb-2021.1165	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1459	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-1459 // CNNVD: CNNVD-202104-451 // NVD: CVE-2021-1459

SOURCES

db:	VULMON	id:	CVE-2021-1459
db:	CNNVD	id:	CNNVD-202104-451
db:	NVD	id:	CVE-2021-1459

LAST UPDATE DATE

2024-08-14T15:42:54.891000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-1459	date:	2021-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-451	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-1459	date:	2023-11-07T03:28:21.880

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-1459	date:	2021-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-451	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-1459	date:	2021-04-08T04:15:13.437