CVE-2021-1472

MEDIUM · EXPLOITED IN THE WILD · NUCLEI

Cisco Rv160 Firmware < 1.0.01.03 - Authentication Bypass

Title source: rule

Description

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (1)

metasploit · WORKING POC · EXCELLENT
by Takeshi Shiomitsu, jbaines-r7 · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_rv_series_authbypass_and_rce.rb

Nuclei Templates (1)

Cisco Small Business RV Series - OS Command Injection
CRITICAL · VERIFIED · by gy741
Shodan: http.html:"Cisco rv340" || http.html:"cisco rv340"
FOFA: body="cisco rv340"

Scores

CVSS v3 5.3
EPSS 0.9129
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

VulnCheck KEV 2021-10-07
InTheWild.io 2024-09-18
CWE
CWE-119 CWE-287
Status published
Products (9)
cisco/rv160_firmware < 1.0.01.03
cisco/rv160w_firmware < 1.0.01.03
cisco/rv260_firmware < 1.0.01.03
cisco/rv260p_firmware < 1.0.01.03
cisco/rv260w_firmware < 1.0.01.03
cisco/rv340_firmware < 1.0.03.21
cisco/rv340w_firmware < 1.0.03.21
cisco/rv345_firmware < 1.0.03.21
cisco/rv345p_firmware < 1.0.03.21
Published Apr 08, 2021
Tracked Since Feb 18, 2026