Rewterz Threat Advisory –CVE-2021-29765 – IBM PowerVM Hypervisor Vulnerabillity
August 5, 2021Rewterz Threat Advisory –CVE-2021-1593 – Cisco Packet Tracer for Windows DLL Injection Vulnerability
August 5, 2021Rewterz Threat Advisory –CVE-2021-29765 – IBM PowerVM Hypervisor Vulnerabillity
August 5, 2021Rewterz Threat Advisory –CVE-2021-1593 – Cisco Packet Tracer for Windows DLL Injection Vulnerability
August 5, 2021Severity
High
Analysis Summary
CVE-2021-1609
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by improper HTTP requests validation. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the device or cause the device to reload.
CVE-2021-1610
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper HTTP requests validation. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges on an affected device.
Impact
- Code Execution
- Denial of Service
- Unauthorized Access
Affected Vendors
Cisco
Affected Products
- Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
- Cisco RV340 Dual WAN Gigabit VPN Router
- Cisco RV345P Dual WAN Gigabit POE VPN Router
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.