CVE-2021-1414

Description:
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

CWE: CWE-502 CWE-284

CVSS score
CVSS 2: MEDIUM – 6.5 (Version: 2.0)
CVSS 3: MEDIUM – 6.3 (Version: 3.1)

Links:

NVD – CVE-2021-1414
CVE – CVE-2021-1414

Link (max. 20) Source Tags
20210407 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerabilities CISCO Vendor Advisory Issue Tracking Patch Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-559/ MISC Third Party Advisory Third Party Advisory
FEDORA-2021-9433bedebd FEDORA Third Party Advisory Third Party Advisory
FEDORA-2021-5cd2571751 FEDORA Third Party Advisory Vendor Advisory
[debian-lts-announce] 20210505 [SECURITY] [DLA 2648-1] mediawiki security update MLIST Third Party Advisory Vendor Advisory
[debian-lts-announce] 20210506 [SECURITY] [DLA 2648-2] mediawiki regression update MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity MLIST Mailing List Vendor Advisory
[pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287) MLIST Mailing List Third Party Advisory
[myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix MLIST Mailing List Third Party Advisory Vendor Advisory

Source: NVD – CVE-2021-1414
Publication date: 2021-04-08T04:15Z, Last modified: 2021-05-11T09:15Z