Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-1297

Опубликовано: 04 фев. 2021
Источник: nvd
CVSS3: 7.5
CVSS2: 9.4
EPSS Низкий

Описание

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:rv160w_wireless-ac_vpn_router_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.01.02 (исключая)
cpe:2.3:h:cisco:rv160w_wireless-ac_vpn_router:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:cisco:rv260_vpn_router_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.01.02 (исключая)
cpe:2.3:h:cisco:rv260_vpn_router:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:cisco:rv260p_vpn_router_with_poe_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.01.02 (исключая)
cpe:2.3:h:cisco:rv260p_vpn_router_with_poe:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:cisco:rv260w_wireless-ac_vpn_router_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.01.02 (исключая)
cpe:2.3:h:cisco:rv260w_wireless-ac_vpn_router:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:cisco:rv160_vpn_router_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.01.02 (исключая)
cpe:2.3:h:cisco:rv160_vpn_router:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%
0.00445
Низкий

7.5 High

CVSS3

9.4 Critical

CVSS2

Дефекты

CWE-36
CWE-22

Связанные уязвимости

github логотип

GHSA-2jjp-7rw3-8xf9

CVSS3: 7.5
github
больше 3 лет назад

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

fstec логотип

BDU:2021-00738

CVSS3: 7.5
fstec
около 5 лет назад

Уязвимость веб-интерфейса микропрограммного обеспечения VPN-маршрутизаторов Cisco Small Business RV160, RV160W, RV260, RV260P и RV260W, позволяющая нарушителю перезаписать произвольные файлы

EPSS

Процентиль: 63%
0.00445
Низкий

7.5 High

CVSS3

9.4 Critical

CVSS2

Дефекты

CWE-36
CWE-22