ID

VAR-202108-0329


CVE

CVE-2021-1610


TITLE

Cisco Small Business RV340 and Cisco Small Business command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-59763 // CNNVD: CNNVD-202108-380

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: execute arbitrary code; cause a denial of service (DoS) condition; execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. It may be put into a denial of service (DoS) state. Cisco Small Business RV340 and Cisco Small Business are both products of Cisco. Cisco Small Business RV340 is a router, a hardware device that connects two or more networks and acts as a gateway between the networks. Cisco Small Business is a switch. Cisco Small Business RV340 and Cisco Small Business have command injection vulnerabilities. The vulnerability stems from the program's failure to properly verify the HTTP request. Remote attackers without authentication can use this vulnerability to execute arbitrary commands through specially crafted HTTP requests. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.79

sources: NVD: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNVD: CNVD-2021-59763 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1610

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-59763

AFFECTED PRODUCTS

vendor: cisco
model: small business rv series router
scope: lt
version: 1.0.03.22

Trust: 1.0

vendor: Cisco Systems
model: cisco small business rv series router
scope: eq
version: cisco small business rv series router firmware

Trust: 0.8

vendor: Cisco Systems
model: cisco small business rv series router
scope: eq
version: -

Trust: 0.8

vendor: Cisco Systems
model: cisco small business rv series router
scope: -
version: -

Trust: 0.8

vendor: cisco
model: rv340 dual wan gigabit vpn router
scope: lt
version: 1.0.03.22

Trust: 0.6

vendor: cisco
model: rv340w dual wan gigabit wireless-ac vpn router
scope: lt
version: 1.0.03.22

Trust: 0.6

vendor: cisco
model: rv345 dual wan gigabit vpn router
scope: lt
version: 1.0.03.22

Trust: 0.6

vendor: cisco
model: rv345p dual wan gigabit poe vpn router
scope: lt
version: 1.0.03.22

Trust: 0.6

sources: CNVD: CNVD-2021-59763 // JVNDB: JVNDB-2021-013478 // NVD: CVE-2021-1610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1610
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1610
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-1610
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-59763
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-380
value: HIGH

Trust: 0.6

VULMON: CVE-2021-1610
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1610
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-59763
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1610
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1610
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-1610
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-59763 // VULMON: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-380 // NVD: CVE-2021-1610 // NVD: CVE-2021-1610

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013478 // NVD: CVE-2021-1610

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-380

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy

Trust: 0.8

title: Patch for Cisco Small Business RV340 and Cisco Small Business command injection vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/288791

Trust: 0.6

title: Cisco Small Business RV340 and Cisco Small Business Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158932

Trust: 0.6

title: Cisco: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy

Trust: 0.1

title: Threatpost
url: https://threatpost.com/critical-cisco-bug-vpn-routers/168449/

Trust: 0.1

title: The Register
url: https://www.theregister.co.uk/2021/08/05/cisco_rv340_series_router_vulns_patched/

Trust: 0.1

sources: CNVD: CNVD-2021-59763 // VULMON: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNNVD: CNNVD-202108-380

EXTERNAL IDS

db: NVD, id: CVE-2021-1610

Trust: 3.9

db: JVNDB, id: JVNDB-2021-013478

Trust: 0.8

db: CNVD, id: CNVD-2021-59763

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2626

Trust: 0.6

db: CS-HELP, id: SB2021080513

Trust: 0.6

db: CNNVD, id: CNNVD-202108-380

Trust: 0.6

db: VULMON, id: CVE-2021-1610

Trust: 0.1

sources: CNVD: CNVD-2021-59763 // VULMON: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-380 // NVD: CVE-2021-1610

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv340-cmdinj-rcedos-py8j3qfy

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1610

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080513

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2626

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.theregister.co.uk/2021/08/05/cisco_rv340_series_router_vulns_patched/

Trust: 0.1

url:https://threatpost.com/critical-cisco-bug-vpn-routers/168449/

Trust: 0.1

sources: CNVD: CNVD-2021-59763 // VULMON: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-380 // NVD: CVE-2021-1610

SOURCES

db: CNVD, id: CNVD-2021-59763
db: VULMON, id: CVE-2021-1610
db: JVNDB, id: JVNDB-2021-013478
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-380
db: NVD, id: CVE-2021-1610

LAST UPDATE DATE

2024-08-14T13:18:50.287000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-59763, date: 2021-09-01T00:00:00
db: VULMON, id: CVE-2021-1610, date: 2021-08-12T00:00:00
db: JVNDB, id: JVNDB-2021-013478, date: 2022-09-12T05:28:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-380, date: 2021-08-17T00:00:00
db: NVD, id: CVE-2021-1610, date: 2023-11-07T03:28:46.710

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-59763, date: 2021-08-09T00:00:00
db: VULMON, id: CVE-2021-1610, date: 2021-08-04T00:00:00
db: JVNDB, id: JVNDB-2021-013478, date: 2022-09-12T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-380, date: 2021-08-04T00:00:00
db: NVD, id: CVE-2021-1610, date: 2021-08-04T18:15:09.143