Cisco Small Business RV Series Routers Vulnerabilities Alert
On April 07, 2021, Cisco released a risk notice for multiple vulnerabilities in Cisco Small Business RV Series Routers. The vulnerability numbers are CVE-2021-1472 and CVE-2021-1473. The CVSS score is 7.3.
Vulnerability Detail
CVE-2021-1473: Cisco Small Business RV340 Series Routers Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
CVE-2021-1472: Cisco Small Business RV Series Routers Authentication Bypass File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to bypass authentication and upload files to directories that should require administrative authentication.
Affected version
- RV160 VPN Router
- RV160W Wireless-AC VPN Router
- RV260 VPN Router
- RV260P VPN Router with PoE
- RV260W Wireless-AC VPN Router
- RV340 Dual WAN Gigabit VPN Router
- RV340W Dual WAN Gigabit Wireless-AC VPN Router
- RV345 Dual WAN Gigabit VPN Router
- RV345P Dual WAN Gigabit PoE VPN Router
Unaffected version
| Cisco Small Business RV Series Routers | Fixed Releases |
|---|---|
| RV160, RV160W, RV260, RV260P, and RV260W | 1.0.01.03 and later |
| RV340, RV340W, RV345, and RV345P | 1.0.03.21 and later |
Solution
In this regard, we recommend that users upgrade the Cisco Rv VPN router to the latest version in time.
