All the vulnerabilities related to cisco - rv132w_firmware
cve-2021-1251
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:29
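Severity: 7.4 HIGH (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, from the CNA cvssV3_1 metric in the record below). The legacy v4 block of the same record gives baseScore 8.8 for the same vector string, which computes to 7.4. The vector rates availability impact only, although the summary also mentions arbitrary code execution.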
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware | n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:02:56.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1251", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:47:00.571527Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:29:59.228Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Small Business RV Series Router Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." 
} ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-08T04:05:20", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "source": { "advisory": "cisco-sa-rv-multi-lldp-u7e4chCe", "defect": [ [ "CSCvw62392", "CSCvw62395", "CSCvw62410", "CSCvw62411", "CSCvw62413", "CSCvw62416", "CSCvw62417", "CSCvw62418", "CSCvw94339", "CSCvw94341", "CSCvw95016", "CSCvw95017" ] ], "discovery": "INTERNAL" }, "title": "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-04-07T16:00:00", "ID": "CVE-2021-1251", "STATE": "PUBLIC", "TITLE": "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Small Business RV Series Router Firmware", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, 
"vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." 
} ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ] }, "source": { "advisory": "cisco-sa-rv-multi-lldp-u7e4chCe", "defect": [ [ "CSCvw62392", "CSCvw62395", "CSCvw62410", "CSCvw62411", "CSCvw62413", "CSCvw62416", "CSCvw62417", "CSCvw62418", "CSCvw94339", "CSCvw94341", "CSCvw95016", "CSCvw95017" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1251", "datePublished": "2021-04-08T04:05:20.167064Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:29:59.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1308
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:29
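Severity: 7.4 HIGH (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, from the CNA cvssV3_1 metric in the record below). The legacy v4 block of the same record gives baseScore 8.8 for the same vector string, which computes to 7.4. The vector rates availability impact only, although the summary also mentions arbitrary code execution.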
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware | n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:02:56.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1308", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:46:54.264964Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:29:49.703Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Small Business RV Series Router Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." 
} ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-08T04:05:26", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "source": { "advisory": "cisco-sa-rv-multi-lldp-u7e4chCe", "defect": [ [ "CSCvw62392", "CSCvw62395", "CSCvw62410", "CSCvw62411", "CSCvw62413", "CSCvw62416", "CSCvw62417", "CSCvw62418", "CSCvw94339", "CSCvw94341", "CSCvw95016", "CSCvw95017" ] ], "discovery": "INTERNAL" }, "title": "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-04-07T16:00:00", "ID": "CVE-2021-1308", "STATE": "PUBLIC", "TITLE": "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Small Business RV Series Router Firmware", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, 
"vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." 
} ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ] }, "source": { "advisory": "cisco-sa-rv-multi-lldp-u7e4chCe", "defect": [ [ "CSCvw62392", "CSCvw62395", "CSCvw62410", "CSCvw62411", "CSCvw62413", "CSCvw62416", "CSCvw62417", "CSCvw62418", "CSCvw94339", "CSCvw94341", "CSCvw95016", "CSCvw95017" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1308", "datePublished": "2021-04-08T04:05:26.191723Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:29:49.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-0125
Vulnerability from cvelistv5
Published
2018-02-08 07:00
Modified
2024-11-15 17:55
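Severity: no CVSS metric is present in this record. The CISA ADP container below lists SSVC Exploitation: active, Automatable: yes, Technical Impact: total, and carries a CISA Known Exploited Vulnerabilities (KEV) entry with dateAdded 2022-03-25.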
EPSS score ?
Summary
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103140 | vdb-entry, x_refsource_BID |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040336 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Cisco RV132W and RV134W | Cisco RV132W and RV134W |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:14:16.812Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "103140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103140" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x" }, { "name": "1040336", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040336" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-0125", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T16:05:12.398656Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0125" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:55:39.483Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco RV132W and RV134W", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco RV132W and RV134W" } ] } ], "datePublic": "2018-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. 
The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-27T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "103140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103140" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x" }, { "name": "1040336", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040336" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0125", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco RV132W and RV134W", "version": { "version_data": [ { "version_value": "Cisco RV132W and RV134W" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an 
affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "103140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103140" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x" }, { "name": "1040336", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040336" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0125", "datePublished": "2018-02-08T07:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-11-15T17:55:39.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-0127
Vulnerability from cvelistv5
Published
2018-02-08 07:00
Modified
2024-12-02 21:10
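Severity: no CVSS metric is present in this record. The CISA ADP container below lists SSVC Exploitation: none, Automatable: yes, Technical Impact: total.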
EPSS score ?
Summary
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1040345 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/102969 | vdb-entry, x_refsource_BID |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Cisco RV132W and RV134W Wireless VPN Routers | Cisco RV132W and RV134W Wireless VPN Routers |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:14:16.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040345", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040345" }, { "name": "102969", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102969" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-0127", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-02T19:24:13.700218Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T21:10:21.596Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco RV132W and RV134W Wireless VPN Routers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Cisco RV132W and RV134W Wireless VPN Routers" } ] } ], "datePublic": "2018-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. 
An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-10T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1040345", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040345" }, { "name": "102969", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102969" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0127", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco RV132W and RV134W Wireless VPN Routers", "version": { "version_data": [ { "version_value": "Cisco RV132W and RV134W Wireless VPN Routers" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. 
The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "1040345", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040345" }, { "name": "102969", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102969" }, { "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0127", "datePublished": "2018-02-08T07:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-12-02T21:10:21.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1287
Vulnerability from cvelistv5
Published
2021-03-18 18:35
Modified
2024-11-08 23:36
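Severity: 7.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, from the CNA cvssV3_1 metric in the record below). PR:H in the vector matches the summary's requirement that the attacker be authenticated.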
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.
References
| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware | n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:02:56.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210317 Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1287", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:20:50.533083Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:36:46.559Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Small Business RV Series Router Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. 
A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-18T18:35:19", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210317 Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p" } ], "source": { "advisory": "cisco-sa-rv-132w134w-overflow-Pptt4H2p", "defect": [ [ "CSCvw65031", "CSCvw65032" ] ], "discovery": "INTERNAL" }, "title": "Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-03-17T16:00:00", "ID": "CVE-2021-1287", "STATE": "PUBLIC", "TITLE": "Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service 
Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Small Business RV Series Router Firmware", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." 
} ], "impact": { "cvss": { "baseScore": "7.2", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "20210317 Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p" } ] }, "source": { "advisory": "cisco-sa-rv-132w134w-overflow-Pptt4H2p", "defect": [ [ "CSCvw65031", "CSCvw65032" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1287", "datePublished": "2021-03-18T18:35:19.207581Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:36:46.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1309
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:29
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS score ?
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco Small Business RV Series Router Firmware |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:02:56.418Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1309", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:46:45.692659Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:29:40.340Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Small Business RV Series Router Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." 
} ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-08T04:05:30", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "source": { "advisory": "cisco-sa-rv-multi-lldp-u7e4chCe", "defect": [ [ "CSCvw62392", "CSCvw62395", "CSCvw62410", "CSCvw62411", "CSCvw62413", "CSCvw62416", "CSCvw62417", "CSCvw62418", "CSCvw94339", "CSCvw94341", "CSCvw95016", "CSCvw95017" ] ], "discovery": "INTERNAL" }, "title": "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-04-07T16:00:00", "ID": "CVE-2021-1309", "STATE": "PUBLIC", "TITLE": "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Small Business RV Series Router Firmware", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, 
"vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." 
} ], "impact": { "cvss": { "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ] }, "source": { "advisory": "cisco-sa-rv-multi-lldp-u7e4chCe", "defect": [ [ "CSCvw62392", "CSCvw62395", "CSCvw62410", "CSCvw62411", "CSCvw62413", "CSCvw62416", "CSCvw62417", "CSCvw62418", "CSCvw94339", "CSCvw94341", "CSCvw95016", "CSCvw95017" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1309", "datePublished": "2021-04-08T04:05:30.866624Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:29:40.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-0127
Vulnerability from fkie_nvd
Published
2018-02-08 07:29
Modified
2024-11-21 03:37
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172.
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securityfocus.com/bid/102969 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1040345 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102969 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040345 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | rv132w_firmware | 1.0.0.1 | |
cisco | rv132w_firmware | 1.0.1.8 | |
cisco | rv132w | - | |
cisco | rv134w_firmware | 1.0.0.1 | |
cisco | rv134w_firmware | 1.0.1.8 | |
cisco | rv134w | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "07D40C93-6B28-48B2-9F2D-77C7D5077BF1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "294C72EE-9F7C-4D90-905F-49ABED3D5FA5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*", "matchCriteriaId": "8511C48D-9EA6-4521-988C-61E1035BEFA1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DE6C70D-FF9E-485A-914A-7DF7837F6B8D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "2763AE8D-723E-4ACC-BA0C-61D1850EC769", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*", "matchCriteriaId": "39710CC4-1891-4E4B-AF65-AC2577CC8FFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. 
A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172." }, { "lang": "es", "value": "Una vulnerabilidad en la interfaz web de routers Cisco RV132W ADSL2+ Wireless-N VPN Routers y Cisco RV134W VDSL2 Wireless-AC VPN podr\u00eda permitir que un atacante remoto no autenticado vea par\u00e1metros de configuraci\u00f3n para un dispositivo afectado, lo que podr\u00eda desembocar en la revelaci\u00f3n de informaci\u00f3n confidencial. La vulnerabilidad se debe a la falta de requisitos para la autenticaci\u00f3n de usuarios en ciertas p\u00e1ginas que forman parte de la interfaz web y contienen informaci\u00f3n confidencial para un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n HTTP manipulada a un dispositivo afectado y examinando su respuesta HTTP. Un exploit con \u00e9xito podr\u00eda permitir que el atacante vea par\u00e1metros de configuraci\u00f3n, incluyendo la contrase\u00f1a de administrador, en el dispositivo afectado. Cisco Bug IDs: CSCvg92739, CSCvh60172." 
} ], "id": "CVE-2018-0127", "lastModified": "2024-11-21T03:37:34.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-08T07:29:00.633", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102969" }, { "source": "ykramarz@cisco.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040345" }, { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102969" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2021-1287
Vulnerability from fkie_nvd
Published
2021-03-18 19:15
Modified
2024-11-21 05:44
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | rv132w_firmware | * | |
cisco | rv132w | - | |
cisco | rv134w_firmware | * | |
cisco | rv134w | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BCC5C17-9EE8-47D8-BE56-DC24A335739F", "versionEndExcluding": "1.0.1.15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*", "matchCriteriaId": "8511C48D-9EA6-4521-988C-61E1035BEFA1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2C27566-67D8-458B-B226-3A6383E56B18", "versionEndExcluding": "1.0.1.21", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*", "matchCriteriaId": "39710CC4-1891-4E4B-AF65-AC2577CC8FFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device." 
}, { "lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de los enrutadores VPN Cisco RV132W ADSL2 + Wireless-N y los enrutadores VPN Cisco RV134W VDSL2 Wireless-AC, podr\u00eda permitir a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario en un dispositivo afectado o que el dispositivo se reinicie inesperadamente.\u0026#xa0;La vulnerabilidad se presenta porque la interfaz de administraci\u00f3n basada en web no comprueba apropiadamente la entrada proporcionada por el usuario.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones HTTP dise\u00f1adas hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario como usuario root en el sistema operativo subyacente o causar que el dispositivo se recargue, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el dispositivo afectado" } ], "id": "CVE-2021-1287", "lastModified": "2024-11-21T05:44:00.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-18T19:15:13.323", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "ykramarz@cisco.com", "type": "Primary" } ] }
cve-2021-1251
Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:43
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | rv132w_firmware | 1.0.1.14 | |
cisco | rv132w_firmware | 1.0.3.20 | |
cisco | rv132w | - | |
cisco | rv134w_firmware | 1.0.1.14 | |
cisco | rv134w_firmware | 1.0.3.20 | |
cisco | rv134w | - | |
cisco | rv160_firmware | 1.0.1.14 | |
cisco | rv160_firmware | 1.0.3.20 | |
cisco | rv160 | - | |
cisco | rv160w_firmware | 1.0.1.14 | |
cisco | rv160w_firmware | 1.0.3.20 | |
cisco | rv160w | - | |
cisco | rv260_firmware | 1.0.1.14 | |
cisco | rv260_firmware | 1.0.3.20 | |
cisco | rv260 | - | |
cisco | rv260p_firmware | 1.0.1.14 | |
cisco | rv260p_firmware | 1.0.3.20 | |
cisco | rv260p | - | |
cisco | rv260w_firmware | 1.0.1.14 | |
cisco | rv260w_firmware | 1.0.3.20 | |
cisco | rv260w | - | |
cisco | rv340_firmware | 1.0.1.14 | |
cisco | rv340_firmware | 1.0.3.20 | |
cisco | rv340 | - | |
cisco | rv340w_firmware | 1.0.1.14 | |
cisco | rv340w_firmware | 1.0.3.20 | |
cisco | rv340w | - | |
cisco | rv345_firmware | 1.0.1.14 | |
cisco | rv345_firmware | 1.0.3.20 | |
cisco | rv345 | - | |
cisco | rv345p_firmware | 1.0.1.14 | |
cisco | rv345p_firmware | 1.0.3.20 | |
cisco | rv345p | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "F5759C3B-CE24-47A4-8513-A2C24028973E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "0F83DB37-F1B5-4023-B83D-F44823B162F5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*", "matchCriteriaId": "8511C48D-9EA6-4521-988C-61E1035BEFA1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C1E2F2A9-4118-4778-94AB-C996A6F56F0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "976288C6-A125-48B2-BE6B-1294F26D46C9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*", "matchCriteriaId": "39710CC4-1891-4E4B-AF65-AC2577CC8FFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "BF13C864-9853-453C-B495-6C642DE9CB69", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "AAF5FEFC-45A0-4774-88FF-5303626C4C7E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "79A57FFD-BA26-4F6E-B45F-2DF212908843", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:cisco:rv160w_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "E9A71045-FF96-4344-9638-6BE2EC47B9E3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B7E3792-5D0F-4CCC-874D-512059CA8E12", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "EEE01B7F-692D-405D-938D-35E83C62D8F2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "42AA099C-B8A2-4864-9F1B-E92ED0E89995", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FFC99C1-954E-408B-8A08-C79941350F05", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "CD084D1A-A03D-4854-9727-76C1FBC1A265", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260p_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "E389365B-EB1B-45CD-9BA6-1019536D27E2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*", "matchCriteriaId": "A62A6E2F-FA43-4F40-A684-651FEDAC2114", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "A5DC3490-6E60-4806-874D-E23572DEAF35", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260w_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "AA72296B-4505-4DFA-B576-AEF67E5537CD", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": 
"cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*", "matchCriteriaId": "95737F9F-1779-4AAB-875E-2CD586A8B780", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "41A8558B-85AC-442A-9E3E-27EC127C5B33", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "1E4B0547-A92A-4AE2-A70C-227D1FA46ED0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "1B8FB0F6-CAE9-481C-9FC7-69CA0660F506", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340w_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "216F3BF9-A17B-46C7-9EF6-153D531550A2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*", "matchCriteriaId": "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "BEA2331F-521F-4987-83A1-6D0D458B41DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "1DDEB88C-8545-4E12-88D8-083EEB868792", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E91E68B-CBE9-462E-82D4-6F588B8E84E8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "3E16124B-9448-47A0-A6BF-A95B37446E91", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345p_firmware:1.0.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "66F2D261-E845-4334-838A-62A4FA593FF3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5120BAB7-FB3A-481E-9ECD-48341846AFBD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n del Link Layer Discovery Protocol (LLDP) para Enrutadores Cisco Small Business RV Series.\u00a0Un atacante adyacente no autenticado podr\u00eda ejecutar c\u00f3digo arbitrario o causar que un enrutador afectado filtre la memoria del sistema o se recargue.\u00a0Una p\u00e9rdida de memoria o una recarga del dispositivo podr\u00edan causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado.\u00a0Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso.\u00a0Nota: LLDP es un protocolo de Capa 2.\u00a0Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de transmisi\u00f3n que el dispositivo afectado (adyacente a Capa 2)" } ], "id": "CVE-2021-1251", "lastModified": "2024-11-21T05:43:55.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary" }, {
"cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-08T04:15:11.860", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "8C12141B-531E-44A5-AD79-16504B31D384", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "F5759C3B-CE24-47A4-8513-A2C24028973E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "5CB50517-FD1B-4207-B63B-4E33F7654E2E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*", "matchCriteriaId": "8511C48D-9EA6-4521-988C-61E1035BEFA1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "2835C440-025B-414F-BED1-5DA20431E726", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C1E2F2A9-4118-4778-94AB-C996A6F56F0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "62CC81E5-DA22-47A1-9D02-00A86DED8D96", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*", "matchCriteriaId": "39710CC4-1891-4E4B-AF65-AC2577CC8FFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "BAA1FCAC-F214-46F5-B2D7-751B24865236", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "BF13C864-9853-453C-B495-6C642DE9CB69", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "DA85E0EA-C194-4683-BA09-7C68080924E0", "vulnerable": true } ], 
"negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv160w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "F75F5D34-CED9-4390-AC75-7F592175DD67", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "79A57FFD-BA26-4F6E-B45F-2DF212908843", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "95130A28-C573-4BDF-ABDB-45EE96E94406", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B7E3792-5D0F-4CCC-874D-512059CA8E12", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "9AA93AAF-F894-44AE-98D6-DBF868AC4EBB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "EEE01B7F-692D-405D-938D-35E83C62D8F2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FEA38FA6-CACA-4553-853C-E36D6395C3E4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FFC99C1-954E-408B-8A08-C79941350F05", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260p_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "9A035A4A-B82A-4F0B-8D38-4DD280037C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*", 
"matchCriteriaId": "CD084D1A-A03D-4854-9727-76C1FBC1A265", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "BDA8B5D4-821E-48CB-81EA-943BD1039087", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*", "matchCriteriaId": "A62A6E2F-FA43-4F40-A684-651FEDAC2114", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "F84DC383-4F05-4294-9008-B5223353526D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "A5DC3490-6E60-4806-874D-E23572DEAF35", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "9FED3BFB-7AA7-4A49-B911-58D7CBE8D704", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*", "matchCriteriaId": "95737F9F-1779-4AAB-875E-2CD586A8B780", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv340_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFC9C7EC-388E-476D-A444-EE9BEE3FD578", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "41A8558B-85AC-442A-9E3E-27EC127C5B33", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "DD473F62-964C-4D15-B0B6-D9D4AB8E2C1B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ 
{ "criteria": "cpe:2.3:o:cisco:rv340w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4165E6FA-C876-45B4-B48A-7B1D51A028BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "1B8FB0F6-CAE9-481C-9FC7-69CA0660F506", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "35729306-0CFF-4ACD-B77D-172A92FD67DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*", "matchCriteriaId": "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv345_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "784C42BE-E7CD-45F0-8209-436F54812C1D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "BEA2331F-521F-4987-83A1-6D0D458B41DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "90F3DC42-58C9-4BC4-AFCC-077C0BDAAB2E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E91E68B-CBE9-462E-82D4-6F588B8E84E8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv345p_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "5FB2292D-20C8-4929-9802-7FC770952200", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "3E16124B-9448-47A0-A6BF-A95B37446E91", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "948587E0-67B8-4A80-AFAA-96A22F522F42", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { 
"criteria": "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5120BAB7-FB3A-481E-9ECD-48341846AFBD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n del Link Layer Discovery Protocol (LLDP) para Enrutadores Cisco Small Business RV Series.\u00a0Un atacante adyacente no autenticado podr\u00eda ejecutar c\u00f3digo arbitrario o hacer que un enrutador afectado filtre la memoria del sistema o se recargue.\u00a0Una p\u00e9rdida de memoria o la recarga del dispositivo podr\u00edan causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado.\u00a0Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso.\u00a0Nota: LLDP es un protocolo de Capa 2.\u00a0Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de transmisi\u00f3n que el dispositivo afectado (adyacente a Capa 2)" } ], "id": "CVE-2021-1308", "lastModified": "2024-11-21T05:44:03.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact":
"COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-08T04:15:11.983", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { 
"lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-08 07:29
Modified
2024-11-21 03:37
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.
References
Source | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securityfocus.com/bid/103140 | Broken Link, Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | http://www.securitytracker.com/id/1040336 | Broken Link, Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103140 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040336 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | rv132w_firmware | 1.0 | |
cisco | rv132w | - | |
cisco | rv134w_firmware | 1.0 | |
cisco | rv134w | - |
{ "cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Cisco VPN Routers Remote Code Execution Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "81E74D5F-A28F-434C-A10D-800E4883AF57", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*", "matchCriteriaId": "8511C48D-9EA6-4521-988C-61E1035BEFA1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7A898BE-B20C-41DC-B2CA-53D5D0B30DC2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*", "matchCriteriaId": "39710CC4-1891-4E4B-AF65-AC2577CC8FFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. 
This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170." }, { "lang": "es", "value": "Una vulnerabilidad en la interfaz web de los routers Cisco RV132W ADSL2+ Wireless-N VPN y RV134W VDSL2 Wireless-AC VPN podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario y obtenga el control total de un sistema afectado, incluyendo el env\u00edo de comandos con privilegios root. El atacante podr\u00eda tambi\u00e9n hacer que el sistema afectado se reinicie, provocando una denegaci\u00f3n de servicio (DoS) en consecuencia. La vulnerabilidad se debe a una validaci\u00f3n incompleta de entradas en entradas controladas por el usuario en una petici\u00f3n HTTP en el dispositivo objetivo. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n HTTP manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante ejecute c\u00f3digo arbitrario como usuario root y obtenga el control total del sistema afectado o haga que se reinicie, provocando una denegaci\u00f3n de servicio (DoS) como consecuencia. Esta vulnerabilidad se ha solucionado en la versi\u00f3n de firmware 1.0.1.11 para los siguientes productos de Cisco: RV132W ADSL2+ Wireless-N VPN Router y RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170." 
} ], "id": "CVE-2018-0125", "lastModified": "2024-11-21T03:37:34.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-08T07:29:00.570", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103140" }, { "source": "ykramarz@cisco.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040336" }, { "source": "ykramarz@cisco.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1040336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "8C12141B-531E-44A5-AD79-16504B31D384", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "F5759C3B-CE24-47A4-8513-A2C24028973E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "5CB50517-FD1B-4207-B63B-4E33F7654E2E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*", "matchCriteriaId": "8511C48D-9EA6-4521-988C-61E1035BEFA1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "2835C440-025B-414F-BED1-5DA20431E726", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C1E2F2A9-4118-4778-94AB-C996A6F56F0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "62CC81E5-DA22-47A1-9D02-00A86DED8D96", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*", "matchCriteriaId": "39710CC4-1891-4E4B-AF65-AC2577CC8FFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "BAA1FCAC-F214-46F5-B2D7-751B24865236", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "BF13C864-9853-453C-B495-6C642DE9CB69", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "DA85E0EA-C194-4683-BA09-7C68080924E0", "vulnerable": true } ], 
"negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC1DC21D-8C6C-4CE7-B5CB-8646659B02BC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv160w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "F75F5D34-CED9-4390-AC75-7F592175DD67", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "79A57FFD-BA26-4F6E-B45F-2DF212908843", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv160w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "95130A28-C573-4BDF-ABDB-45EE96E94406", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B7E3792-5D0F-4CCC-874D-512059CA8E12", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "9AA93AAF-F894-44AE-98D6-DBF868AC4EBB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "EEE01B7F-692D-405D-938D-35E83C62D8F2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "FEA38FA6-CACA-4553-853C-E36D6395C3E4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FFC99C1-954E-408B-8A08-C79941350F05", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260p_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "9A035A4A-B82A-4F0B-8D38-4DD280037C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*", 
"matchCriteriaId": "CD084D1A-A03D-4854-9727-76C1FBC1A265", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260p_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "BDA8B5D4-821E-48CB-81EA-943BD1039087", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*", "matchCriteriaId": "A62A6E2F-FA43-4F40-A684-651FEDAC2114", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv260w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "F84DC383-4F05-4294-9008-B5223353526D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "A5DC3490-6E60-4806-874D-E23572DEAF35", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv260w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "9FED3BFB-7AA7-4A49-B911-58D7CBE8D704", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*", "matchCriteriaId": "95737F9F-1779-4AAB-875E-2CD586A8B780", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv340_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFC9C7EC-388E-476D-A444-EE9BEE3FD578", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "41A8558B-85AC-442A-9E3E-27EC127C5B33", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "DD473F62-964C-4D15-B0B6-D9D4AB8E2C1B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ 
{ "criteria": "cpe:2.3:o:cisco:rv340w_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4165E6FA-C876-45B4-B48A-7B1D51A028BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "1B8FB0F6-CAE9-481C-9FC7-69CA0660F506", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv340w_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "35729306-0CFF-4ACD-B77D-172A92FD67DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*", "matchCriteriaId": "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv345_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "784C42BE-E7CD-45F0-8209-436F54812C1D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "BEA2331F-521F-4987-83A1-6D0D458B41DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "90F3DC42-58C9-4BC4-AFCC-077C0BDAAB2E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E91E68B-CBE9-462E-82D4-6F588B8E84E8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:rv345p_firmware:1.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "5FB2292D-20C8-4929-9802-7FC770952200", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "3E16124B-9448-47A0-A6BF-A95B37446E91", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:rv345p_firmware:1.0.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "948587E0-67B8-4A80-AFAA-96A22F522F42", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { 
"criteria": "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5120BAB7-FB3A-481E-9ECD-48341846AFBD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n del Link Layer Discovery Protocol (LLDP) para Enrutadores Cisco Small Business RV Series. Un atacante adyacente no autenticado podr\u00eda ejecutar c\u00f3digo arbitrario o causar que un enrutador afectado filtre la memoria del sistema o se recargue. Una p\u00e9rdida de memoria o una recarga del dispositivo podr\u00edan causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de transmisi\u00f3n que el dispositivo afectado (adyacente a Capa 2)." } ], "id": "CVE-2021-1309", "lastModified": "2024-11-21T05:44:03.693", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": 
"COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-08T04:15:12.063", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { 
"description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }