Cisco Small Business RV Series Routers Vulnerabilities Alert
Vulnerability Detail
CVE-2021-1473: Cisco Small Business RV340 Series Routers Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
CVE-2021-1472: Cisco Small Business RV Series Routers Authentication Bypass File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to bypass authentication and upload files to directories that should require administrative authentication.
Affected version
- RV160 VPN Router
- RV160W Wireless-AC VPN Router
- RV260 VPN Router
- RV260P VPN Router with PoE
- RV260W Wireless-AC VPN Router
- RV340 Dual WAN Gigabit VPN Router
- RV340W Dual WAN Gigabit Wireless-AC VPN Router
- RV345 Dual WAN Gigabit VPN Router
- RV345P Dual WAN Gigabit PoE VPN Router
Unaffected version
Cisco Small Business RV Series Routers | Fixed Releases |
---|---|
RV160, RV160W, RV260, RV260P, and RV260W | 1.0.01.03 and later |
RV340, RV340W, RV345, and RV345P | 1.0.03.21 and later |