CVE-2021-1602 (CNNVD-202108-378)
中文标题:
Cisco Small Business 操作系统命令注入漏洞
英文标题:
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
漏洞描述
中文描述:
Cisco Small Business是美国思科(Cisco)公司的一个交换机。 Cisco Small Business RV160、RV160W、RV260、RV260P 和 RV260W VPN 路由器基于 Web 的管理界面中存在操作系统命令注入漏洞,该漏洞源于用户输入验证不足。该漏洞可能允许攻击者使用root级权限在受影响的设备上执行任意命令。由于漏洞的性质,只能执行没有参数的命令。
英文描述:
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware | n/a | - | - |
cpe:2.3:a:cisco:cisco_small_business_rv_series_router_firmware:n_a:*:*:*:*:*:*:*
|
| cisco | small_business_rv_series_router_firmware | * | - | - |
cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2021-1602 |
2025-11-11 15:20:46 | 2025-11-11 07:36:33 |
| NVD | nvd_CVE-2021-1602 |
2025-11-11 14:57:40 | 2025-11-11 07:44:55 |
| CNNVD | cnnvd_CNNVD-202108-378 |
2025-11-11 15:10:41 | 2025-11-11 07:56:53 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-202108-378
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']