CVE-2021-1293 — CRITICAL (9.8)

Q: How severe is CVE-2021-1293?

CVE-2021-1293 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-1293?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv160W Wireless-Ac Vpn Router Firmware, Cisco Rv160W Wireless-Ac Vpn Router, Cisco Rv260 Vpn Router Firmware, Cisco Rv260 Vpn Router, Cisco Rv260P Vpn Router With Poe Firmware.

Vulnerability Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Rv160W Wireless-Ac Vpn Router Firmware	< 1.0.01.02
Cisco	Rv160W Wireless-Ac Vpn Router	-
Cisco	Rv260 Vpn Router Firmware	< 1.0.01.02
Cisco	Rv260 Vpn Router	-
Cisco	Rv260P Vpn Router With Poe Firmware	< 1.0.01.02
Cisco	Rv260P Vpn Router With Poe	-
Cisco	Rv260W Wireless-Ac Vpn Router Firmware	< 1.0.01.02
Cisco	Rv260W Wireless-Ac Vpn Router	-
Cisco	Rv160 Vpn Router Firmware	< 1.0.01.02
Cisco	Rv160 Vpn Router	-

Related Weaknesses (CWE)

CWE-472

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rVendor Advisory

FAQ

What is CVE-2021-1293?

CVE-2021-1293 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute a...

How severe is CVE-2021-1293?

CVE-2021-1293 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-1293?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv160W Wireless-Ac Vpn Router Firmware, Cisco Rv160W Wireless-Ac Vpn Router, Cisco Rv260 Vpn Router Firmware, Cisco Rv260 Vpn Router, Cisco Rv260P Vpn Router With Poe Firmware.