Vulnerabilities > CVE-2021-1287 - Stack-based Buffer Overflow vulnerability in Cisco Rv132W Firmware and Rv134W Firmware

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

CWE-121

NVD

Published: 2021-03-18

Updated: 2023-11-07

Summary

A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Rv132W Firmware - Cisco Rv132W Firmware 1.0 Cisco Rv132W Firmware 1.0.0.1 Cisco Rv132W Firmware 1.0.0.14 Cisco Rv132W Firmware 1.0.1.8 Cisco Rv132W Firmware 1.0.1.14 Cisco Rv134W Firmware - Cisco Rv134W Firmware 1.0 Cisco Rv134W Firmware 1.0.0.1 Cisco Rv134W Firmware 1.0.0.14 Cisco Rv134W Firmware 1.0.1.8 Cisco Rv134W Firmware 1.0.1.14 Cisco Rv134W Firmware 1.0.1.20	13
Hardware	Cisco Cisco Rv132W - Cisco Rv134W -	2

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p