Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Link | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx | vendor advisory |
| http://seclists.org/fulldisclosure/2021/Apr/39 | third party advisory mailing list |
| http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html | exploit vdb entry third party advisory |