Cisco Small Business RV Series Routers Vulnerabilities Alert

On April 07, 2021, Cisco released a risk notice for multiple vulnerabilities in Cisco Small Business RV Series Routers. The vulnerability numbers are CVE-2021-1472 and CVE-2021-1473. The CVSS score is 7.3.
CVE-2021-1472

Vulnerability Detail

CVE-2021-1473: Cisco Small Business RV340 Series Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.

CVE-2021-1472: Cisco Small Business RV Series Routers Authentication Bypass File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to bypass authentication and upload files to directories that should require administrative authentication.

Affected version

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with PoE
  • RV260W Wireless-AC VPN Router
  • RV340 Dual WAN Gigabit VPN Router
  • RV340W Dual WAN Gigabit Wireless-AC VPN Router
  • RV345 Dual WAN Gigabit VPN Router
  • RV345P Dual WAN Gigabit PoE VPN Router

Unaffected version

Cisco Small Business RV Series Routers Fixed Releases
RV160, RV160W, RV260, RV260P, and RV260W 1.0.01.03 and later
RV340, RV340W, RV345, and RV345P 1.0.03.21 and later

Solution

In this regard, we recommend that users upgrade the Cisco Rv VPN router to the latest version in time.