Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability

Vulnerability

The vulnerability (CVE-2021-1459) exists in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers. It stems from improper validation of user-supplied input in the web-based management interface [1]. The interface is accessible via a local LAN connection (cannot be disabled) or through the WAN connection if the remote management feature is enabled (disabled by default) [1]. All software versions of the affected products are potentially vulnerable, and Cisco has not released software updates to address this issue [1].

Exploitation

An unauthenticated, remote attacker can exploit this vulnerability by sending crafted HTTP requests to a targeted device [1]. No authentication is required, but if remote management is disabled, the attacker must have local network access to the device. The attacker must craft specific HTTP requests that trigger the input validation flaw in the web management interface [1].

Impact

A successful exploit allows the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device [1]. This grants full control over the router, including the ability to modify configurations, intercept network traffic, and launch further attacks inside the network.

Mitigation

As of the publication date (2021-04-08), Cisco has not released software updates that address this vulnerability, and there are no workarounds [1]. Users should consider disabling remote management on the WAN interface if it is enabled, and restrict LAN access to the management interface to trusted users only. The affected devices may be approaching end-of-life; migrating to supported models is recommended [1].