CVE-2021-1152 - Vulnerability Details

CVE-2021-1152 - Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Application Extension Platform Rv110w Rv110w Firmware Rv130 Vpn Router Rv130 Vpn Router Firmware Rv130w Rv130w Firmware Rv215w Wireless-n Vpn Router Rv215w Wireless-n Vpn Router Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:::::::*
	cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:::::::*

cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:::::::*
	cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:::::::*

cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:::::::*
	cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:::::::*

cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:::::::*
	cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:::::::*

cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

History

Tue, 12 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-01-13T21:37:43.802016Z

Updated: 2024-11-12T20:41:37.751Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1152

Vulnrichment

Updated: 2024-08-03T16:02:55.413Z

NVD

Status : Modified

Published: 2021-01-13T22:15:15.303

Modified: 2024-11-21T05:43:42.203

Link: CVE-2021-1152

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object