Cisco Small Business RV Series Routers Vulnerabilities
Description
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Small Business RV Series Routers web-based management interface contains multiple vulnerabilities allowing remote command execution or authentication bypass.
Vulnerability
The web-based management interface of Cisco Small Business RV Series Routers contains multiple vulnerabilities (CVE-2021-1473). These flaws exist in the handling of HTTP requests by the device's management interface, enabling a remote attacker to execute arbitrary commands or bypass authentication and upload files on an affected device. The affected products include RV160, RV260, RV340, RV345, and RV345P routers running firmware versions prior to the fixed releases specified in the Cisco advisory.
Exploitation
An attacker can exploit these vulnerabilities by sending specially crafted HTTP requests to the targeted device's web-based management interface. The attacker does not need prior authentication to exploit the authentication bypass and file upload flaws. For the command execution vulnerability, some level of access may be required, but the exact preconditions are not fully detailed in the available references. No user interaction is required beyond the device's web interface being accessible over the network.
Impact
Successful exploitation could allow an attacker to bypass authentication and gain administrative access to the router, upload arbitrary files, or execute arbitrary commands with elevated privileges. This can lead to full compromise of the device, including disclosure of sensitive information, modification of device configuration, and potential use as a pivot point for further network attacks.
Mitigation
Cisco has released free software updates to address these vulnerabilities. Customers should upgrade their devices to the fixed firmware versions as specified in the Cisco Security Advisory [1]. No workarounds are mentioned; the recommended course of action is to apply the patch. The advisory also provides instructions for customers without service contracts to obtain the fixed software from Cisco TAC.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: n/a
Patches
No patches discovered yet.
References
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx (mitre, vendor-advisory, x_refsource_CISCO)
- packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2021/Apr/39 (mitre, mailing-list, x_refsource_FULLDISC)