What is the severity of CVE-2021-1296?

CVE-2021-1296 has a high severity rating due to its potential for remote exploitation without authentication.

How do I fix CVE-2021-1296?

To fix CVE-2021-1296, update the firmware of your Cisco RV160, RV160W, RV260, RV260P, or RV260W VPN router to a version higher than 1.0.01.02.

What vulnerabilities are associated with CVE-2021-1296?

CVE-2021-1296 involves multiple vulnerabilities, including unauthorized file overwrite and directory traversal attacks via the web management interface.

Which devices are affected by CVE-2021-1296?

CVE-2021-1296 affects Cisco RV160, RV160W, RV260, RV260P, and RV260W VPN routers running specific firmware versions.

Can CVE-2021-1296 be exploited remotely?

Yes, CVE-2021-1296 can be exploited remotely by an unauthenticated attacker, making it particularly dangerous.

Vulnerability/
CVE-2021-1296

critical

9.4

CWE

22 36 20

4/2/2021

8/11/2024

CVE-2021-1296: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities

First published: Thu Feb 04 2021(Updated: )

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco RV160W Wireless-AC VPN Router Firmware	<1.0.01.02
Cisco RV160W Wireless-AC VPN Router Firmware
Cisco RV260W Wireless-AC VPN Router Firmware	<1.0.01.02
Cisco RV260 VPN Router firmware
Cisco RV260P VPN Router with PoE	<1.0.01.02
Cisco RV260P VPN Router with PoE
Cisco RV260W Wireless-AC VPN Router Firmware	<1.0.01.02
Cisco RV260W Wireless-AC VPN Router Firmware
Cisco RV160W Wireless-AC VPN Router Firmware	<1.0.01.02
Cisco RV160W wireless-ac VPN Router

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn

Frequently Asked Questions

What is the severity of CVE-2021-1296?
CVE-2021-1296 has a high severity rating due to its potential for remote exploitation without authentication.
How do I fix CVE-2021-1296?
To fix CVE-2021-1296, update the firmware of your Cisco RV160, RV160W, RV260, RV260P, or RV260W VPN router to a version higher than 1.0.01.02.
What vulnerabilities are associated with CVE-2021-1296?
CVE-2021-1296 involves multiple vulnerabilities, including unauthorized file overwrite and directory traversal attacks via the web management interface.
Which devices are affected by CVE-2021-1296?
CVE-2021-1296 affects Cisco RV160, RV160W, RV260, RV260P, and RV260W VPN routers running specific firmware versions.
Can CVE-2021-1296 be exploited remotely?
Yes, CVE-2021-1296 can be exploited remotely by an unauthenticated attacker, making it particularly dangerous.

agent/type
agent/weakness
agent/author
agent/title
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco rv160w wireless-ac vpn router firmware
canonical/cisco rv260w wireless-ac vpn router firmware
canonical/cisco rv260 vpn router firmware
canonical/cisco rv260p vpn router with poe
canonical/cisco rv160w wireless-ac vpn router