===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0143
  Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management
                Interface Command Injection Vulnerabilities
                              14 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Small Business routers
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise                 -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
Resolution:        None
CVE Names:         CVE-2021-1150 CVE-2021-1149 CVE-2021-1148
                   CVE-2021-1147 CVE-2021-1146

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management
Interface Command Injection Vulnerabilities

Priority:        High
Advisory ID:     cisco-sa-rv-command-inject-LBdQ2KRN
First Published: 2021 January 13 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvv96723 CSCvv96725 CSCvv96726 CSCvv96727 CSCvw49751
                 CSCvw49774 CSCvw49777
CVE Names:       CVE-2021-1146 CVE-2021-1147 CVE-2021-1148 CVE-2021-1149
                 CVE-2021-1150
CWEs:            CWE-20

Summary

  o Multiple vulnerabilities in the web-based management interface of Cisco
    Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an
    authenticated, remote attacker to inject arbitrary commands that are
    executed with root privileges.

    The vulnerabilities are due to improper validation of user-supplied
    input in the web-based management interface. An attacker could exploit
    these vulnerabilities by sending crafted HTTP requests to a targeted
    device.
    A successful exploit could allow the attacker to execute arbitrary code
    as the root user on the underlying operating system. To exploit these
    vulnerabilities, an attacker would need to have valid administrator
    credentials on an affected device.

    Cisco has not released software updates that address these
    vulnerabilities. There are no workarounds that address these
    vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN

Affected Products

  o Vulnerable Products

    These vulnerabilities affect the following Cisco Small Business routers:

       o RV110W Wireless-N VPN Firewall
       o RV130 VPN Router
       o RV130W Wireless-N Multifunction VPN Router
       o RV215W Wireless-N VPN Router

    The web-based management interface of these devices is available through
    a local LAN connection, which cannot be disabled, or through the WAN
    connection if the remote management feature is enabled. By default, the
    remote management feature is disabled for these devices.

    Determine the Device Configuration

    To determine whether the remote management feature is enabled for a
    device, open the web-based management interface and choose
    Basic Settings > Remote Management. If the Enable box is checked, remote
    management is enabled for the device.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has not released and will not release software updates to address
    the vulnerabilities described in this advisory. The Cisco Small Business
    RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life
    process.
    Customers are advised to refer to the end-of-life notices for these
    products:

       o End-of-Sale and End-of-Life Announcement for the Cisco Small
         Business RV Series Routers (selected models)

    Customers are encouraged to migrate to the Cisco Small Business RV132W,
    RV160, or RV160W Routers.

    When considering a device migration, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the new device will be
    sufficient for their network needs, that new devices contain sufficient
    memory, and that current hardware and software configurations will
    continue to be supported properly by the new product. If the information
    is not clear, customers are advised to contact the Cisco Technical
    Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware
    of any public announcements or malicious use of the vulnerabilities that
    are described in this advisory.

Source

  o Cisco would like to thank the following people for reporting these
    vulnerabilities:

       o Kai Cheng from Institute of Information Engineering, Chinese
         Academy of Sciences for CVE-2021-1146, CVE-2021-1147,
         CVE-2021-1148, and CVE-2021-1150.
       o KrCERT/CC Vulnerability Analysis Team for CVE-2021-1149.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving
    security vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-13  |
    +----------+---------------------------+----------+--------+--------------+

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.
If you have any questions or need further information, please contact them
directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================