Rewterz Threat Advisory – Multiple Cisco Dual WAN Gigabit VPN Routers Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-1609

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow a remote attacker to execute arbitrary code on the system because of improper validation of HTTP requests. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the device or cause the device to reload.

CVE-2021-1610

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow a remote authenticated attacker to execute arbitrary commands on the system because of improper validation of HTTP requests. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges on an affected device.

Impact

  • Code Execution
  • Denial of Service
  • Unauthorized Access

Affected Vendors

Cisco

Affected Products

  • Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
  • Cisco RV340 Dual WAN Gigabit VPN Router
  • Cisco RV345P Dual WAN Gigabit POE VPN Router

Remediation

Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy