CVE-2021-1146: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities
First published: Wed Jan 13 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco RV110W Wireless-N VPN Firewall Firmware | =1.2.2.8 | |
| Cisco RV110W Wireless-N VPN Firewall Firmware | =1.3.1.7 | |
| Cisco RV110W firmware | ||
| Cisco RV Series Router Firmware | =1.2.2.8 | |
| Cisco RV Series Router Firmware | =1.3.1.7 | |
| Cisco RV130 VPN Router Firmware | ||
| Cisco RV130W Firmware | =1.2.2.8 | |
| Cisco RV130W Firmware | =1.3.1.7 | |
| Cisco RV130W firmware | ||
| Silabs Wireless Smart Ubiquitous Network Linux Border Router Firmware | =1.2.2.8 | |
| Silabs Wireless Smart Ubiquitous Network Linux Border Router Firmware | =1.3.1.7 | |
| Cisco RV215W Wireless-N VPN Router Firmware | ||
| Cisco Application Extension Platform | =1.0.3.55 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-1146?
CVE-2021-1146 is considered a high-severity vulnerability due to its potential for remote command injection with root privileges.
How do I fix CVE-2021-1146?
To fix CVE-2021-1146, update your Cisco RV110W, RV130, RV130W, or RV215W Router to the latest firmware version available.
What devices are affected by CVE-2021-1146?
CVE-2021-1146 affects Cisco Small Business RV110W, RV130, RV130W, and RV215W routers running specific firmware versions.
Can CVE-2021-1146 be exploited remotely?
Yes, CVE-2021-1146 can be exploited by an authenticated remote attacker.
What consequences may arise from an exploit of CVE-2021-1146?
Exploiting CVE-2021-1146 could allow attackers to execute arbitrary commands on the affected router, potentially compromising the device's integrity.
- agent/weakness
- agent/type
- agent/references
- agent/author
- agent/title
- agent/severity
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco rv110w wireless-n vpn firewall firmware
- version/cisco rv110w wireless-n vpn firewall firmware/1.2.2.8
- version/cisco rv110w wireless-n vpn firewall firmware/1.3.1.7
- canonical/cisco rv110w firmware
- canonical/cisco rv series router firmware
- version/cisco rv series router firmware/1.2.2.8
- version/cisco rv series router firmware/1.3.1.7
- canonical/cisco rv130 vpn router firmware
- canonical/cisco rv130w firmware
- version/cisco rv130w firmware/1.2.2.8
- version/cisco rv130w firmware/1.3.1.7
- canonical/silabs wireless smart ubiquitous network linux border router firmware
- version/silabs wireless smart ubiquitous network linux border router firmware/1.2.2.8
- version/silabs wireless smart ubiquitous network linux border router firmware/1.3.1.7
- canonical/cisco rv215w wireless-n vpn router firmware
- canonical/cisco application extension platform
- version/cisco application extension platform/1.0.3.55