Vulnerability Details CVE-2021-1287
A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.5%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2021-1287
-
cpe:2.3:h:cisco:rv132w:-
-
cpe:2.3:h:cisco:rv134w:-
-
cpe:2.3:o:cisco:rv132w_firmware:-
-
cpe:2.3:o:cisco:rv132w_firmware:1.0
-
cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1
-
cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14
-
cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14
-
cpe:2.3:o:cisco:rv132w_firmware:1.0.1.8
-
cpe:2.3:o:cisco:rv134w_firmware:-
-
cpe:2.3:o:cisco:rv134w_firmware:1.0
-
cpe:2.3:o:cisco:rv134w_firmware:1.0.0.1
-
cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14
-
cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14
-
cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20
-
cpe:2.3:o:cisco:rv134w_firmware:1.0.1.8