Summaryinfo

A vulnerability was found in Cisco RV160, RV160W, RV260, RV260P and RV260W. It has been declared as very critical. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2021-1295. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability was found in Cisco RV160, RV160W, RV260, RV260P and RV260W (Router Operating System). It has been classified as very critical. This affects an unknown functionality of the component Web-based Management Interface. CWE is classifying the issue as CWE-472. The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was presented 02/05/2021 as cisco-sa-rv160-260-rce-XZeFkNHf. The advisory is shared at tools.cisco.com. This vulnerability is uniquely identified as CVE-2021-1295. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 02/24/2021).

Upgrading eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• RV160
• RV160W
• RV260
• RV260P
• RV260W

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion