Details of VAR-202108-0329

ID

VAR-202108-0329

CVE

CVE-2021-1610

TITLE

Cisco Small Business RV340 and Cisco Small Business command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-59763 // CNNVD: CNNVD-202108-380

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. (DoS) It may be in a state. Cisco Small Business RV340 and Cisco Small Business are both products of Cisco (Cisco). Cisco Small Business RV340 is a router. A hardware device that connects two or more networks and acts as a gateway between the networks. Cisco Small Business is a switch. Cisco Small Business RV340 and Cisco Small Business have command injection vulnerabilities. The vulnerability stems from the program's failure to properly verify the HTTP request. Remote attackers without authentication can use this vulnerability to execute arbitrary commands through specially crafted HTTP requests. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNVD: CNVD-2021-59763 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1610

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-59763

AFFECTED PRODUCTS

vendor:	cisco	model:	small business rv series router	scope:	lt	version:	1.0.03.22	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco small business rv シリーズルータ	scope:	eq	version:	cisco small business rv series router firmware	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco small business rv シリーズルータ	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco small business rv シリーズルータ	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	lt	version:	1.0.03.22	Trust: 0.6
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	lt	version:	1.0.03.22	Trust: 0.6
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	lt	version:	1.0.03.22	Trust: 0.6
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	lt	version:	1.0.03.22	Trust: 0.6

sources: CNVD: CNVD-2021-59763 // JVNDB: JVNDB-2021-013478 // NVD: CVE-2021-1610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1610
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1610
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-1610
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-59763
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-380
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-1610
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1610
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-59763
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1610
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1610
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1610
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-59763 // VULMON: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-380 // NVD: CVE-2021-1610 // NVD: CVE-2021-1610

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013478 // NVD: CVE-2021-1610

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-380

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy	Trust: 0.8
title:	Patch for Cisco Small Business RV340 and Cisco Small Business command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/288791	Trust: 0.6
title:	Cisco Small Business RV340 and Cisco Small Business Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158932	Trust: 0.6
title:	Cisco: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/critical-cisco-bug-vpn-routers/168449/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2021/08/05/cisco_rv340_series_router_vulns_patched/	Trust: 0.1

sources: CNVD: CNVD-2021-59763 // VULMON: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNNVD: CNNVD-202108-380

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1610	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-013478	Trust: 0.8
db:	CNVD	id:	CNVD-2021-59763	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2626	Trust: 0.6
db:	CS-HELP	id:	SB2021080513	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-380	Trust: 0.6
db:	VULMON	id:	CVE-2021-1610	Trust: 0.1

sources: CNVD: CNVD-2021-59763 // VULMON: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-380 // NVD: CVE-2021-1610

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv340-cmdinj-rcedos-py8j3qfy	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1610	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080513	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2626	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.theregister.co.uk/2021/08/05/cisco_rv340_series_router_vulns_patched/	Trust: 0.1
url:	https://threatpost.com/critical-cisco-bug-vpn-routers/168449/	Trust: 0.1

sources: CNVD: CNVD-2021-59763 // VULMON: CVE-2021-1610 // JVNDB: JVNDB-2021-013478 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-380 // NVD: CVE-2021-1610

SOURCES

db:	CNVD	id:	CNVD-2021-59763
db:	VULMON	id:	CVE-2021-1610
db:	JVNDB	id:	JVNDB-2021-013478
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-380
db:	NVD	id:	CVE-2021-1610

LAST UPDATE DATE

2024-08-14T13:18:50.287000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-59763	date:	2021-09-01T00:00:00
db:	VULMON	id:	CVE-2021-1610	date:	2021-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-013478	date:	2022-09-12T05:28:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-380	date:	2021-08-17T00:00:00
db:	NVD	id:	CVE-2021-1610	date:	2023-11-07T03:28:46.710

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-59763	date:	2021-08-09T00:00:00
db:	VULMON	id:	CVE-2021-1610	date:	2021-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-013478	date:	2022-09-12T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-380	date:	2021-08-04T00:00:00
db:	NVD	id:	CVE-2021-1610	date:	2021-08-04T18:15:09.143