CVE-2021-1167

7.2 HIGH

📋 TL;DR

This CVE covers multiple input-validation vulnerabilities in the web-based management interface of Cisco Small Business RV series routers. An authenticated, remote attacker who sends crafted HTTP requests to the interface can execute arbitrary code as root or force the device to reload, causing a denial of service. Affected devices are the RV110W, RV130, RV130W and RV215W routers.

💻 Affected Systems

Products:
  • Cisco RV110W
  • Cisco RV130
  • Cisco RV130W
  • Cisco RV215W
Versions: All firmware releases for the listed models; no fixed release exists
Operating Systems: Linux-based firmware administered through a web GUI (not Cisco IOS; these devices have no IOS-style CLI)
Default Config Vulnerable: ⚠️ Yes (web management is always available on the LAN; remote/WAN-side management is off by default)
Notes: Requires that the attacker can reach the web management interface and holds valid administrator credentials

📦 What is this software?

The Cisco Small Business RV110W, RV130, RV130W and RV215W are small-office VPN routers (the RV130 is wired-only; the other three have built-in Wi-Fi). They run Linux-based firmware and are administered entirely through a browser-based management interface; there is no IOS command line. All four models are past end of life and no longer receive firmware updates.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with root-level arbitrary code execution, allowing attacker persistence, data theft, and use of the router as a pivot into the network behind it.

🟠 Likely Case

Denial of service: the crafted request forces a device reload, dropping connectivity (and any VPN tunnels) for connected users and services until the router comes back.

🟢 If Mitigated

With remote management disabled, the interface restricted to trusted administrative hosts, and a unique, strong admin password, an attacker needs both a foothold on the management network and valid administrator credentials before the flaw is reachable at all.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs valid administrator credentials; with those, the trigger is ordinary crafted HTTP requests to the management interface, so no special tooling is required. Public PoC material covers the denial-of-service (device reload) variant.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A (no fixed firmware exists)

Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Restart Required: N/A

Instructions:

Cisco has not released and will not release firmware updates for these vulnerabilities, because the affected models have reached end of life. Cisco's advisory lists no workarounds and recommends migrating to a supported replacement model. The controls below reduce exposure but do not remove the flaw.

🔧 Temporary Workarounds

Disable Remote (WAN-Side) Management

Applies to: all affected models

These routers are managed only through the web GUI, so the interface cannot be switched off entirely; what can be removed is its exposure to the WAN. Remote Management is disabled by default. In the web GUI, open the Firewall basic settings page, make sure Remote Management is unchecked, and save, so the interface answers only on the LAN. (IOS commands such as `no ip http server` do not exist on these devices.)

Restrict Management Access

Applies to: all affected models

If remote management must stay enabled, set the allowed remote IP address to the specific trusted administrative hosts rather than "Any", and prefer reaching the GUI over a VPN instead of exposing it directly. Because exploitation requires valid administrator credentials, also replace the default admin password with a long, unique one and limit who holds it.

🧯 If You Can't Patch

  • Replace affected routers with newer supported models (RV160, RV260, or later)
  • Until replacement, keep remote management off and reach the GUI only from the LAN or over a VPN
  • Use a unique, strong administrator password, since the attack requires valid admin credentials
  • Implement network segmentation to isolate routers from critical assets

🔍 How to Verify

Check if Vulnerable:

Any RV110W, RV130, RV130W or RV215W is affected regardless of firmware version, since no fixed release exists. Confirm the model and firmware version on the web GUI's status/system summary page; these devices have no IOS CLI, so `show version` does not apply.

Check Version:

Web GUI status/system summary page (model name and firmware version are shown there)

Verify Fix Applied:

There is no fix to verify. Instead confirm the compensating controls: in the GUI, Remote Management is disabled (or its allowed remote IP address is limited to trusted hosts), and from a network outside the router's LAN, connections to the router's WAN address on its HTTP/HTTPS and remote-access ports fail.
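An outside-in check for the remote-management control, as an added example that is not Cisco tooling or code from this page. `WAN_ADDR` and the port list (HTTP, HTTPS, and an assumed custom remote-access port) are placeholders; run it from a host outside the router's LAN, such as a mobile hotspot or a cloud VM. Any port that answers means the interface is still reachable from outside and the control is not in place.

```python
"""Outside-in check that an RV router's web management interface is not
reachable from an untrusted network.  Added example for this page, not Cisco
tooling.  WAN_ADDR and PORTS are placeholders to replace with your own."""
import http.client
import socket
import ssl
from typing import Dict, Optional

WAN_ADDR = "203.0.113.10"   # placeholder: the router's public WAN address
PORTS = (80, 443, 8080)     # 8080 stands in for an assumed custom remote-access port
TIMEOUT = 3.0


def tcp_open(host: str, port: int, timeout: float = TIMEOUT) -> bool:
    """True if a TCP handshake to host:port completes; False on refusal,
    timeout, or any other socket error (including a host with no network)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_status(host: str, port: int, timeout: float = TIMEOUT) -> Optional[int]:
    """Issue GET / on an open port and return the HTTP status, or None if the
    port does not speak HTTP.  TLS is tried first on 443, plain HTTP first
    elsewhere, then the other.  Certificate validation is disabled on purpose:
    the router's self-signed certificate would otherwise fail the check."""
    for use_tls in (port == 443, port != 443):
        try:
            if use_tls:
                conn = http.client.HTTPSConnection(
                    host, port, timeout=timeout, context=ssl._create_unverified_context())
            else:
                conn = http.client.HTTPConnection(host, port, timeout=timeout)
            conn.request("GET", "/")
            status = conn.getresponse().status
            conn.close()
            return status
        except (OSError, http.client.HTTPException):
            continue
    return None


def probe(host: str, ports=PORTS, timeout: float = TIMEOUT) -> Dict[int, Optional[int]]:
    """Map each port to its HTTP status if a web server answered, -1 if the
    TCP port is open but not HTTP, or None if it is closed or filtered."""
    results: Dict[int, Optional[int]] = {}
    for port in ports:
        if not tcp_open(host, port, timeout):
            results[port] = None
            continue
        status = http_status(host, port, timeout)
        results[port] = status if status is not None else -1
    return results


def verdict(results: Dict[int, Optional[int]]) -> str:
    """Summarise a probe: any reachable port means the management interface
    (or some other service) is still exposed from this vantage point."""
    exposed = sorted(port for port, state in results.items() if state is not None)
    if not exposed:
        return "OK: no management port reachable from this vantage point"
    detail = ", ".join(
        f"{p} (HTTP {results[p]})" if results[p] != -1 else f"{p} (non-HTTP)" for p in exposed)
    return "EXPOSED: management port(s) reachable from outside: " + detail


if __name__ == "__main__":
    print(verdict(probe(WAN_ADDR)))
```

Run it from the LAN as well: there the ports should answer (the GUI is always available internally), which confirms the script itself is working before you trust an "OK" from outside.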

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful login
  • Unusual HTTP POST requests to management interface
  • Device reboot logs without scheduled maintenance

Network Indicators:

  • HTTP traffic to router management interface from unexpected sources
  • Sudden increase in management interface traffic

SIEM Query:

Illustrative Splunk-style search; field names depend on how the router's syslog feed is parsed in your SIEM, and the trusted-source list is a placeholder to replace with your administrative hosts:

index=router_logs host=rv* ("login" AND "success") NOT src_ip IN ("192.0.2.10", "192.0.2.11")
index=router_logs host=rv* ("reboot" OR "POST")
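The same indicators as detection logic run over a few constructed syslog lines, as an added example that is not from Cisco or this page. The RV routers forward logs via syslog, but their exact message text is not documented here, so the line format below, the sample lines, and the regexes that parse them are assumptions to adapt to what your devices actually emit. The trusted-source allowlist is likewise a placeholder.

```python
"""Detection logic for the log indicators above, run over constructed syslog
lines.  Added example, not from Cisco or this page; the line format, the
regexes and TRUSTED_ADMIN_SOURCES are assumptions to adapt to your feed."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample (not captured from a real device): a short password-guessing
# run that succeeds from an outside address, a configuration POST, and a reboot
# shortly afterwards, followed later by a normal login from the LAN admin host.
SAMPLE_LOG = """\
Feb 10 09:12:01 rv130w admin: login failed for user admin from 198.51.100.7
Feb 10 09:12:05 rv130w admin: login failed for user admin from 198.51.100.7
Feb 10 09:12:09 rv130w admin: login failed for user admin from 198.51.100.7
Feb 10 09:12:14 rv130w admin: login success for user admin from 198.51.100.7
Feb 10 09:12:40 rv130w httpd: POST /apply.cgi from 198.51.100.7
Feb 10 09:13:02 rv130w kernel: system reboot
Feb 10 10:30:00 rv130w admin: login success for user admin from 192.168.1.50
"""

TRUSTED_ADMIN_SOURCES: Set[str] = {"192.168.1.50"}   # placeholder allowlist
LOG_YEAR = 2021                                       # classic syslog lines carry no year

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")
LOGIN_RE = re.compile(r"login (?P<result>success|failed) for user (?P<user>\S+) from (?P<src>[\d.]+)")
POST_RE = re.compile(r"POST (?P<path>\S+) from (?P<src>[\d.]+)")
REBOOT_RE = re.compile(r"\breboot\b", re.IGNORECASE)

Alert = Tuple[datetime, str]


def parse_line(line: str, year: int = LOG_YEAR) -> Optional[Tuple[datetime, str, str]]:
    """Split a syslog line into (timestamp, process, message); None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["proc"], m["msg"]


def detect(log_text: str, trusted: Set[str], fail_threshold: int = 3,
           reboot_window: timedelta = timedelta(minutes=10)) -> List[Alert]:
    """Alert on: fail_threshold+ failed logins then a success from one source;
    any successful login or management POST from a non-allowlisted source;
    and any reboot, flagged harder when it follows an untrusted login."""
    alerts: List[Alert] = []
    failures: Dict[str, int] = {}          # src -> consecutive failed logins
    untrusted_logins: List[Tuple[datetime, str]] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _proc, msg = parsed
        login = LOGIN_RE.search(msg)
        if login:
            src = login["src"]
            if login["result"] == "failed":
                failures[src] = failures.get(src, 0) + 1
                continue
            if failures.get(src, 0) >= fail_threshold:
                alerts.append((ts, f"brute-force pattern: {failures[src]} failures then success from {src}"))
            failures[src] = 0
            if src not in trusted:
                alerts.append((ts, f"admin login from untrusted source {src}"))
                untrusted_logins.append((ts, src))
            continue
        post = POST_RE.search(msg)
        if post and post["src"] not in trusted:
            alerts.append((ts, f"management POST {post['path']} from untrusted source {post['src']}"))
            continue
        if REBOOT_RE.search(msg):
            recent = [s for t, s in untrusted_logins if timedelta(0) <= ts - t <= reboot_window]
            if recent:
                alerts.append((ts, f"reboot within {reboot_window} of untrusted admin login from {recent[-1]}"))
            else:
                alerts.append((ts, "device reboot: confirm against maintenance window"))
    return alerts


if __name__ == "__main__":
    for when, what in detect(SAMPLE_LOG, TRUSTED_ADMIN_SOURCES):
        print(when.strftime("%b %d %H:%M:%S"), what)
```

On the sample this yields four alerts (brute-force pattern, untrusted admin login, management POST from that source, reboot within the window) and stays silent for the later login from the allowlisted LAN host. The reboot rule is the one worth tuning: a reload with no preceding untrusted login still fires, because on these devices an authenticated attacker from a trusted address produces exactly that trace.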
