First published: Wed Jan 13 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Rv110w Firmware | =1.2.2.8 | |
Cisco Rv110w Firmware | =1.3.1.7 | |
Cisco RV110W | ||
Cisco Rv130 Vpn Router Firmware | =1.2.2.8 | |
Cisco Rv130 Vpn Router Firmware | =1.3.1.7 | |
Cisco Rv130 Vpn Router | ||
Cisco Rv130w Firmware | =1.2.2.8 | |
Cisco Rv130w Firmware | =1.3.1.7 | |
Cisco RV130W | ||
Cisco Rv215w Wireless-n Vpn Router Firmware | =1.2.2.8 | |
Cisco Rv215w Wireless-n Vpn Router Firmware | =1.3.1.7 | |
Cisco RV215W Wireless-N VPN Router | ||
Cisco Application Extension Platform | =1.0.3.55 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-1153 is a vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers.
The severity of CVE-2021-1153 is medium with a CVSS score of 4.8.
An authenticated, remote attacker can exploit CVE-2021-1153 by conducting cross-site scripting (XSS) attacks against a user of the interface.
Cisco RV110W firmware versions 1.2.2.8 and 1.3.1.7, Cisco RV130 firmware versions 1.2.2.8 and 1.3.1.7, and Cisco RV215W firmware versions 1.2.2.8 and 1.3.1.7 are affected by CVE-2021-1153.
Apply the necessary security updates provided by Cisco to fix CVE-2021-1153.