CVE-2021-1415 is a vulnerability in Cisco Small Business Rv Series Router Firmware
Published on April 8, 2021
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
Vulnerability Analysis
CVE-2021-1415 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2021-1415 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2021-1415
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-1415 are published in Cisco Small Business Rv Series Router Firmware:
Affected Versions
Cisco Small Business RV Series Router Firmware Version n/a is affected by CVE-2021-1415Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.