What is the severity of CVE-2021-1297?

CVE-2021-1297 has been assessed with a high severity rating due to the potential for unauthenticated remote attacks.

How do I fix CVE-2021-1297?

To mitigate CVE-2021-1297, update your Cisco RV160, RV160W, RV260, RV260P, or RV260W VPN Router to the latest firmware version.

What are the potential impacts of CVE-2021-1297?

CVE-2021-1297 could allow attackers to perform directory traversal attacks and overwrite restricted files on affected routers.

Which Cisco products are affected by CVE-2021-1297?

CVE-2021-1297 affects the Cisco RV160, RV160W, RV260, RV260P, and RV260W VPN Routers running specific firmware versions.

Is there a public exploit for CVE-2021-1297?

As of now, there are no confirmed public exploits for CVE-2021-1297, but the vulnerability's nature suggests it could be targeted.

Vulnerability/
CVE-2021-1297

critical

9.4

CWE

22 36 20

4/2/2021

8/11/2024

CVE-2021-1297: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities

First published: Thu Feb 04 2021(Updated: )

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco RV160W Wireless-AC VPN Router Firmware	<1.0.01.02
Cisco RV160W Wireless-AC VPN Router Firmware
Cisco RV260W Wireless-AC VPN Router Firmware	<1.0.01.02
Cisco RV260 VPN Router firmware
Cisco RV260P VPN Router with PoE	<1.0.01.02
Cisco RV260P VPN Router with PoE
Cisco RV260W Wireless-AC VPN Router Firmware	<1.0.01.02
Cisco RV260W Wireless-AC VPN Router Firmware
Cisco RV160W Wireless-AC VPN Router Firmware	<1.0.01.02
Cisco RV160W wireless-ac VPN Router

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn

Frequently Asked Questions

What is the severity of CVE-2021-1297?
CVE-2021-1297 has been assessed with a high severity rating due to the potential for unauthenticated remote attacks.
How do I fix CVE-2021-1297?
To mitigate CVE-2021-1297, update your Cisco RV160, RV160W, RV260, RV260P, or RV260W VPN Router to the latest firmware version.
What are the potential impacts of CVE-2021-1297?
CVE-2021-1297 could allow attackers to perform directory traversal attacks and overwrite restricted files on affected routers.
Which Cisco products are affected by CVE-2021-1297?
CVE-2021-1297 affects the Cisco RV160, RV160W, RV260, RV260P, and RV260W VPN Routers running specific firmware versions.
Is there a public exploit for CVE-2021-1297?
As of now, there are no confirmed public exploits for CVE-2021-1297, but the vulnerability's nature suggests it could be targeted.

agent/type
agent/weakness
agent/author
agent/title
agent/references
agent/severity
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco rv160w wireless-ac vpn router firmware
canonical/cisco rv260w wireless-ac vpn router firmware
canonical/cisco rv260 vpn router firmware
canonical/cisco rv260p vpn router with poe
canonical/cisco rv160w wireless-ac vpn router