Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
Description
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Small Business RV Series Routers contain multiple LLDP vulnerabilities allowing unauthenticated, adjacent attackers to execute arbitrary code or cause DoS.
Vulnerability
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers [1]. The affected products include RV132W, RV134W, RV160, RV160W, RV260, RV260P, RV260W, RV320, RV325, RV340, RV340W, RV345, and RV345P routers running a vulnerable firmware release with LLDP enabled [1]. An unauthenticated, adjacent attacker could exploit these to execute arbitrary code or cause a memory leak or device reload [1].
Exploitation
To exploit these vulnerabilities, an attacker must be in the same Layer 2 broadcast domain as the affected device [1]. No authentication is required, and the attacker sends crafted LLDP packets to the vulnerable router [1]. The exact sequence of steps involves triggering a buffer overflow or similar memory corruption condition through the LLDP parsing logic [1].
Impact
Successful exploitation can lead to arbitrary code execution, resulting in full compromise of the router, or a denial of service (DoS) condition via system memory leak or device reload [1]. An attacker gaining code execution would obtain full control over the affected device [1].
Mitigation
Cisco has released software updates addressing these vulnerabilities. No workarounds are available [1]. Users should upgrade to the latest fixed firmware version for their specific router model as indicated in the Cisco Security Advisory [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCemitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.