Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Vulnerability

Multiple vulnerabilities (CVE-2021-1160) exist in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. The interface is available through a local LAN connection, which cannot be disabled, or through the WAN connection if the remote management feature is enabled. By default, remote management is disabled. All firmware versions on these devices are affected, and Cisco has not released software updates [1].

Exploitation

An attacker must have valid administrator credentials on the affected device to exploit these vulnerabilities [1]. The attacker then sends crafted HTTP requests to the web-based management interface. If remote management is enabled, the attack can be launched from the WAN side; otherwise, the attacker must have LAN access. No user interaction beyond the attacker's own actions is required.

Impact

Successful exploitation could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition [1]. This gives the attacker full control over the affected device or disrupts its availability.

Mitigation

Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities [1]. As of the publication date (2021-01-13), the only mitigations are to disable remote management if not needed and to restrict LAN access to trusted administrators. The devices are not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the last update.