cisco-sa-rv160-260-rce-XZeFkNHf: Cisco??Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
First published: Wed Feb 03 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf
Credit: the following people for reporting these vulnerabilities:
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Small Business RV160 | ||
| Cisco Small Business RV160W | ||
| Cisco Small Business RV260 | ||
| Cisco RV260P | ||
| Cisco RV260W |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of cisco-sa-rv160-260-rce-XZeFkNHf?
The severity level of cisco-sa-rv160-260-rce-XZeFkNHf is critical due to the potential for unauthenticated remote code execution.
How do I fix cisco-sa-rv160-260-rce-XZeFkNHf?
To fix cisco-sa-rv160-260-rce-XZeFkNHf, apply the recommended security patches provided by Cisco for the affected RV160 and RV260 series routers.
Which products are affected by cisco-sa-rv160-260-rce-XZeFkNHf?
The products affected by cisco-sa-rv160-260-rce-XZeFkNHf include Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers.
What is the risk of not addressing cisco-sa-rv160-260-rce-XZeFkNHf?
Failing to address cisco-sa-rv160-260-rce-XZeFkNHf exposes devices to remote exploitation, potentially allowing attackers complete control over the router.
Can I detect if my device is vulnerable to cisco-sa-rv160-260-rce-XZeFkNHf?
Yes, you can detect the vulnerability by checking the software version of your Cisco RV series router against Cisco's security advisory.
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/description
- collector/cisco-advisory
- source/Cisco
- agent/title
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco small business rv160
- canonical/cisco small business rv160w
- canonical/cisco small business rv260
- canonical/cisco rv260p
- canonical/cisco rv260w