Severity
High
Analysis Summary
CVE-2021-1309
A vulnerability in the LLDP implementation for Cisco Small Business RV Series Routers could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload.
CVE-2021-1251
A vulnerability in the LLDP implementation for Cisco Small Business RV Series Routers could allow an unauthenticated, adjacent attacker to cause a memory leak on an affected device.
CVE-2021-1308
A vulnerability in the LLDP implementation for Cisco Small Business RV Series Routers could allow an unauthenticated, adjacent attacker to cause an affected router to reload unexpectedly.
Impact
- Remote Code Execution
- Denial of Service
- Memory leak
Affected Vendors
Cisco
Affected Products
- RV132W ADSL2+ Wireless-N VPN Router
- RV134W VDSL2 Wireless-AC VPN Router
- RV160 VPN Router
- RV160W Wireless-AC VPN Router
- RV260 VPN Router
- RV260 VPN Router with PoE
- RV260W Wireless-AC VPN Router
- RV320 Dual Gigabit WAN VPN Router
- RV325 Dual Gigabit WAN VPN Router
- RV340 Dual WAN Gigabit VPN Router
- RV340W Dual WAN Gigabit Wireless-AC VPN Router
- RV345 Dual WAN Gigabit VPN Router
- RV345 Dual WAN Gigabit PoE VPN Router
Remediation
Refer to cisco advisory for the complete list of affected product and their respective patches