CVE-2021-1415

MEDIUM

Cisco RV340, RV340W, RV345, RV345P Firmware < 1.0.03.21 - Authenticated Remote Code Execution via HTTP Request

Title source: llm

Description

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b

Third Party Advisory, VDB Entry x_refsource_misc

https://www.zerodayinitiative.com/advisories/ZDI-21-560/

Scores

CVSS v3 6.3

EPSS 0.0121

EPSS Percentile 79.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-502

Status published

Products (4)

cisco/rv340_firmware < 1.0.03.21

cisco/rv340w_firmware < 1.0.03.21

cisco/rv345_firmware < 1.0.03.21

cisco/rv345p_firmware < 1.0.03.21

Published Apr 08, 2021

Tracked Since Feb 18, 2026