Vulnerabilities > CVE-2021-1415 - Deserialization of Untrusted Data vulnerability in Cisco products

CVSS 6.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

cisco

CWE-502

NVD

Published: 2021-04-08

Updated: 2023-11-07

Summary

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Rv340 Firmware - Cisco Rv340 Firmware 1.0.0.14 Cisco Rv340 Firmware 1.0.1.14 Cisco Rv340 Firmware 1.0.1.20 Cisco Rv340 Firmware 1.0.03.19 Cisco Rv340 Firmware 1.0.3.20 Cisco Rv340W Firmware - Cisco Rv340W Firmware 1.0.0.14 Cisco Rv340W Firmware 1.0.1.14 Cisco Rv340W Firmware 1.0.1.20 Cisco Rv340W Firmware 1.0.03.19 Cisco Rv340W Firmware 1.0.3.20 Cisco Rv345 Firmware - Cisco Rv345 Firmware 1.0.0.14 Cisco Rv345 Firmware 1.0.1.14 Cisco Rv345 Firmware 1.0.1.20 Cisco Rv345 Firmware 1.0.03.19 Cisco Rv345 Firmware 1.0.3.20 Cisco Rv345P Firmware - Cisco Rv345P Firmware 1.0.0.14 Cisco Rv345P Firmware 1.0.1.14 Cisco Rv345P Firmware 1.0.1.20 Cisco Rv345P Firmware 1.0.03.19 Cisco Rv345P Firmware 1.0.3.20	24
Hardware	Cisco Cisco Rv340 - Cisco Rv340W - Cisco Rv345 - Cisco Rv345P -	4

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References