Login Sign Up

CVE-2021-1190

7.2 HIGH
Remote Code Execution Denial of Service Buffer Overflow

📋 TL;DR

This vulnerability allows authenticated remote attackers to execute arbitrary code as root or cause denial of service on affected Cisco Small Business routers. Attackers need valid administrator credentials to exploit these input validation flaws in the web management interface. Organizations using Cisco RV110W, RV130, RV130W, or RV215W routers are affected.

💻 Affected Systems

Products:
  • Cisco RV110W
  • Cisco RV130
  • Cisco RV130W
  • Cisco RV215W
Versions: All versions prior to advisory publication (no specific version range provided)
Operating Systems: Cisco IOS-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Web-based management interface must be enabled (default). Requires admin credentials for exploitation.

📦 What is this software?

Rv110w Firmware by Cisco

View all CVEs affecting Rv110w Firmware →

Rv130 Firmware by Cisco

View all CVEs affecting Rv130 Firmware →

Rv130w Firmware by Cisco

View all CVEs affecting Rv130w Firmware →

Rv215w Firmware by Cisco

View all CVEs affecting Rv215w Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root-level arbitrary code execution, allowing attacker persistence, network monitoring, or lateral movement.

🟠

Likely Case

Denial of service through device reboots disrupting network connectivity for small businesses.

🟢

If Mitigated

Limited impact if strong credential management and network segmentation are implemented.

🌐 Internet-Facing: HIGH - Web management interfaces exposed to internet are directly vulnerable to authenticated attacks.
🏢 Internal Only: MEDIUM - Internal attackers with admin credentials can still exploit, but requires network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid administrator credentials. Attack involves sending crafted HTTP requests to web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available

Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U

Restart Required: No

Instructions:

No official patch available. Cisco has not released software updates. Consider workarounds or replacement.

🔧 Temporary Workarounds

Disable Web Management Interface

all

Disable the vulnerable web-based management interface and use alternative management methods.

Access router CLI via SSH/Telnet
Navigate to management settings
Disable HTTP/HTTPS management

Restrict Management Access

all

Limit web management interface access to specific trusted IP addresses only.

Configure firewall rules on router
Set management ACLs to trusted IPs only
Disable remote management

🧯 If You Can't Patch

  • Replace affected routers with supported models that receive security updates
  • Implement network segmentation to isolate routers from critical assets

🔍 How to Verify

Check if Vulnerable:

Check if you have affected Cisco RV model and web management interface is enabled.

Check Version:

Login to router web interface or CLI and check model/firmware version

Verify Fix Applied:

Verify web management interface is disabled or access restricted. No patch available to verify.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful login
  • Unusual HTTP requests to management interface
  • Device reboot logs without normal cause

Network Indicators:

  • Unusual outbound connections from router
  • HTTP traffic to management interface from unexpected sources

SIEM Query:

source="router_logs" (event="authentication success" AND src_ip NOT IN trusted_ips) OR (event="device_reboot" AND NOT reason="scheduled")

📊 Metadata

CVE ID: CVE-2021-1190
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121
Published: January 13, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-1190, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)