OpenCVE

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Application Extension Platform Rv110w Rv110w Firmware Rv130 Vpn Router Rv130 Vpn Router Firmware Rv130w Rv130w Firmware Rv215w Wireless-n Vpn Router Rv215w Wireless-n Vpn Router Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:rv110w_firmware:1.2.2.8:::::::*
	cpe:2.3:o:cisco:rv110w_firmware:1.3.1.7:::::::*

cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.2.2.8:::::::*
	cpe:2.3:o:cisco:rv130_vpn_router_firmware:1.3.1.7:::::::*

cpe:2.3:h:cisco:rv130_vpn_router:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:rv130w_firmware:1.2.2.8:::::::*
	cpe:2.3:o:cisco:rv130w_firmware:1.3.1.7:::::::*

cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.2.2.8:::::::*
	cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:1.3.1.7:::::::*

cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:cisco:application_extension_platform:1.0.3.55:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC

History

Tue, 12 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-01-13T21:37:24.881748Z

Updated: 2024-11-12T20:42:07.520Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1156

Vulnrichment

Updated: 2024-08-03T16:02:55.770Z

NVD

Status : Modified

Published: 2021-01-13T22:15:15.630

Modified: 2024-11-21T05:43:42.727

Link: CVE-2021-1156

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object