Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
Description
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Small Business RV Series Routers LLDP implementation contains multiple vulnerabilities allowing unauthenticated adjacent attackers to execute arbitrary code or cause denial of service.
Vulnerability
The Link Layer Discovery Protocol (LLDP) implementation in Cisco Small Business RV Series Routers contains multiple vulnerabilities, including CVE-2021-1309. These vulnerabilities exist in the handling of crafted LLDP packets. Affected devices include RV132W, RV134W, RV160, RV160W, RV260, RV260P, RV260W, RV320, RV325, RV340, RV340W, RV345, and RV345P routers running a vulnerable firmware release with LLDP enabled. LLDP is a Layer 2 protocol, so exploitation requires the attacker to be in the same broadcast domain as the target device [1].
Exploitation
An unauthenticated attacker who is Layer 2 adjacent (i.e., in the same broadcast domain) can exploit these vulnerabilities by sending specially crafted LLDP packets to the affected router. No authentication or user interaction is required. The attacker must be able to send LLDP frames to the device, which is typically possible from within the local network segment [1].
Impact
Successful exploitation can allow the attacker to execute arbitrary code on the device, cause a memory leak, or trigger a device reload. Arbitrary code execution gives the attacker full control over the router, while memory leaks or reloads result in a denial of service (DoS) condition. The impact is high, as it can lead to complete compromise or disruption of network services [1].
Mitigation
Cisco has released software updates that address these vulnerabilities. The fixed versions are specified in the Cisco Security Advisory [1]. There are no workarounds that mitigate the vulnerabilities. Users should upgrade to the latest firmware for their respective router models. The vulnerabilities are not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCemitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.