ID

VAR-202108-0848


CVE

CVE-2021-34730


TITLE

Input validation vulnerability in multiple Cisco Small Business routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-010406

DESCRIPTION

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability. Multiple Cisco Small Business routers contain an input validation vulnerability. Information may be obtained or tampered with, and the device may be placed in a denial-of-service (DoS) state. Cisco Small Business is a switch from Cisco.

Trust: 1.8

sources: NVD: CVE-2021-34730 // JVNDB: JVNDB-2021-010406 // VULHUB: VHN-394972 // VULMON: CVE-2021-34730

AFFECTED PRODUCTS

vendor: cisco | model: rv130 vpn router | scope: eq | version: -

Trust: 1.0

vendor: cisco | model: rv215w wireless-n vpn router | scope: eq | version: -

Trust: 1.0

vendor: cisco | model: application extension platform | scope: eq | version: 1.0.3.55

Trust: 1.0

vendor: cisco | model: rv130w wireless-n multifunction vpn router | scope: eq | version: -

Trust: 1.0

vendor: cisco | model: rv110w wireless-n vpn firewall | scope: eq | version: -

Trust: 1.0

vendor: Cisco Systems | model: rv110w wireless-n vpn firewall | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: cisco rv130w wireless-n multifunction vpn router | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: rv215w wireless-n vpn router | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: rv130 vpn router | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: application extension platform | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010406 // NVD: CVE-2021-34730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34730
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34730
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-34730
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202108-1644
value: CRITICAL

Trust: 0.6

VULHUB: VHN-394972
value: HIGH

Trust: 0.1

VULMON: CVE-2021-34730
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-34730
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-394972
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34730
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-34730
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394972 // VULMON: CVE-2021-34730 // JVNDB: JVNDB-2021-010406 // CNNVD: CNNVD-202108-1644 // NVD: CVE-2021-34730 // NVD: CVE-2021-34730

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-394972 // JVNDB: JVNDB-2021-010406 // NVD: CVE-2021-34730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1644

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202108-1644

PATCH

title: cisco-sa-cisco-sb-rv-overflow-htpymMB5 | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5

Trust: 0.8

title: Cisco Small Business input validation error vulnerability fix | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=160198

Trust: 0.6

title: Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cisco-sb-rv-overflow-htpymMB5

Trust: 0.1

title: - | url: https://github.com/Live-Hack-CVE/CVE-2021-34730

Trust: 0.1

title: alonzzzo | url: https://github.com/Alonzozzz/alonzzzo

Trust: 0.1

title: PoC | url: https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title: - | url: https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title: Threatpost | url: https://threatpost.com/critical-cisco-bug-routers-unpatched/168831/

Trust: 0.1

title: BleepingComputer | url: https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/

Trust: 0.1

sources: VULMON: CVE-2021-34730 // JVNDB: JVNDB-2021-010406 // CNNVD: CNNVD-202108-1644

EXTERNAL IDS

db: NVD | id: CVE-2021-34730

Trust: 3.4

db: JVNDB | id: JVNDB-2021-010406

Trust: 0.8

db: CNNVD | id: CNNVD-202108-1644

Trust: 0.7

db: AUSCERT | id: ESB-2021.2808

Trust: 0.6

db: VULHUB | id: VHN-394972

Trust: 0.1

db: VULMON | id: CVE-2021-34730

Trust: 0.1

sources: VULHUB: VHN-394972 // VULMON: CVE-2021-34730 // JVNDB: JVNDB-2021-010406 // CNNVD: CNNVD-202108-1644 // NVD: CVE-2021-34730

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cisco-sb-rv-overflow-htpymmb5

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34730

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.2808

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-34730

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/critical-cisco-bug-routers-unpatched/168831/

Trust: 0.1

sources: VULHUB: VHN-394972 // VULMON: CVE-2021-34730 // JVNDB: JVNDB-2021-010406 // CNNVD: CNNVD-202108-1644 // NVD: CVE-2021-34730

SOURCES

db: VULHUB | id: VHN-394972
db: VULMON | id: CVE-2021-34730
db: JVNDB | id: JVNDB-2021-010406
db: CNNVD | id: CNNVD-202108-1644
db: NVD | id: CVE-2021-34730

LAST UPDATE DATE

2024-08-14T14:50:12.489000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-394972 | date: 2022-10-27T00:00:00
db: VULMON | id: CVE-2021-34730 | date: 2022-10-27T00:00:00
db: JVNDB | id: JVNDB-2021-010406 | date: 2022-06-30T08:57:00
db: CNNVD | id: CNNVD-202108-1644 | date: 2022-10-28T00:00:00
db: NVD | id: CVE-2021-34730 | date: 2023-11-07T03:36:14.030

SOURCES RELEASE DATE

db: VULHUB | id: VHN-394972 | date: 2021-08-18T00:00:00
db: VULMON | id: CVE-2021-34730 | date: 2021-08-18T00:00:00
db: JVNDB | id: JVNDB-2021-010406 | date: 2022-06-30T00:00:00
db: CNNVD | id: CNNVD-202108-1644 | date: 2021-08-18T00:00:00
db: NVD | id: CVE-2021-34730 | date: 2021-08-18T20:15:07.447