Issued: Monday, 9 August, 2021 |
Last Revision: Monday, 9 August, 2021 |
Vendor: |
Product: |
Severity Level: |
A critical security vulnerability in a subset of Cisco Systems’ small-business VPN routers could allow a remote, unauthenticated attacker to take over a device. An attacker could do the following:
- Execute arbitrary code
- Cause a denial of service (DoS) condition
- Execute arbitrary commands
Organizations are strongly encouraged to identify the vulnerable device(s) in their environment and apply patches as soon as possible. Please refer to the “Affected Products” and “Recommendations” sections of this directive for the products affected by these vulnerabilities and the solution.
| Description | CVE | CVSS3.0 Score |
|---|---|---|
| Web Management Remote Code Execution and Denial of Service Vulnerability | CVE-2021-1609 | 9.8 |
| Web Management Command Injection Vulnerability | CVE-2021-1610 | 7.2 |

Table 1: Vulnerability details

| Vulnerability / CVE | Affected Product(s) |
|---|---|
| CVE-2021-1609 | RV340 Dual WAN Gigabit VPN Router; RV340W Dual WAN Gigabit Wireless-AC VPN Router; RV345 Dual WAN Gigabit VPN Router; RV345P Dual WAN Gigabit POE VPN Router |
| CVE-2021-1610 | RV340 Dual WAN Gigabit VPN Router; RV340W Dual WAN Gigabit Wireless-AC VPN Router; RV345 Dual WAN Gigabit VPN Router; RV345P Dual WAN Gigabit POE VPN Router |

Cisco fixed these vulnerabilities in firmware releases 1.0.03.22 and later.
To download the software from the Software Center on Cisco.com, click Browse All and navigate to Downloads Home > Routers > Small Business Routers > Small Business RV Series Routers.
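
To help identify devices that still need the fixed firmware, the following is an added example (not part of the original advisory and not Cisco code) that triages an asset inventory against the affected models and the 1.0.03.22 fixed release stated above. The CSV column names, hostnames and sample firmware versions are constructed assumptions; versions are compared numerically per component, since a plain string comparison would misorder values such as 1.0.3.9 and 1.0.03.22.

```python
import csv
import io

# From the advisory: affected models and the first fixed firmware release.
AFFECTED_MODELS = {"RV340", "RV340W", "RV345", "RV345P"}
FIXED_RELEASE = "1.0.03.22"

def parse_version(text):
    """Turn '1.0.03.22' into (1, 0, 3, 22); return None if not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return 'not-listed', 'patched', 'vulnerable' or 'unknown-version'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"  # model is not named in this advisory
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"  # needs a manual check on the device
    fixed = parse_version(FIXED_RELEASE)
    # Pad to equal length so '1.0.4' compares as '1.0.4.0'.
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return "patched" if have >= fixed else "vulnerable"

def triage(inventory_csv):
    """Map hostname -> status for every row of the inventory."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["model"], r["firmware"]) for r in reader}

# Constructed sample inventory (hostnames, versions and last model are made up).
SAMPLE = """hostname,model,firmware
branch-gw-01,RV340,1.0.03.21
branch-gw-02,rv345p,1.0.03.22
branch-gw-03,RV340W,1.0.3.9
branch-gw-04,RV345,unknown
lab-sw-01,EXAMPLE-SW,2.1.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown-version` should be checked directly on the device rather than assumed patched.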
