Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-13193

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Mar, 2020 | 18:40
Updated At-04 Aug, 2024 | 23:41
Rejected At-
Credits

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Mar, 2020 | 18:40
Updated At:04 Aug, 2024 | 23:41
Rejected At:
▼CVE Numbering Authority (CNA)

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://global.brother
x_refsource_MISC
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/
x_refsource_MISC
https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000
x_refsource_MISC
Hyperlink: https://global.brother
Resource:
x_refsource_MISC
Hyperlink: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/
Resource:
x_refsource_MISC
Hyperlink: https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://global.brother
x_refsource_MISC
x_transferred
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/
x_refsource_MISC
x_transferred
https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000
x_refsource_MISC
x_transferred
Hyperlink: https://global.brother
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Mar, 2020 | 19:15
Updated At:16 Aug, 2023 | 18:51

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Brother Industries, Ltd.
brother
>>ads-2400n_firmware>>-
cpe:2.3:o:brother:ads-2400n_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>ads-2400n>>-
cpe:2.3:h:brother:ads-2400n:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>ads-2800w_firmware>>-
cpe:2.3:o:brother:ads-2800w_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>ads-2800w>>-
cpe:2.3:h:brother:ads-2800w:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>ads-3000n_firmware>>-
cpe:2.3:o:brother:ads-3000n_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>ads-3000n>>-
cpe:2.3:h:brother:ads-3000n:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>ads-3600w_firmware>>-
cpe:2.3:o:brother:ads-3600w_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>ads-3600w>>-
cpe:2.3:h:brother:ads-3600w:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1610w_firmware>>-
cpe:2.3:o:brother:dcp-1610w_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1610w>>-
cpe:2.3:h:brother:dcp-1610w:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1610we_firmware>>-
cpe:2.3:o:brother:dcp-1610we_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1610we>>-
cpe:2.3:h:brother:dcp-1610we:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1610wr_firmware>>-
cpe:2.3:o:brother:dcp-1610wr_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1610wr>>-
cpe:2.3:h:brother:dcp-1610wr:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1610wvb_firmware>>-
cpe:2.3:o:brother:dcp-1610wvb_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1610wvb>>-
cpe:2.3:h:brother:dcp-1610wvb:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1612w_firmware>>-
cpe:2.3:o:brother:dcp-1612w_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1612w>>-
cpe:2.3:h:brother:dcp-1612w:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1612we_firmware>>-
cpe:2.3:o:brother:dcp-1612we_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1612we>>-
cpe:2.3:h:brother:dcp-1612we:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1612wr_firmware>>-
cpe:2.3:o:brother:dcp-1612wr_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1612wr>>-
cpe:2.3:h:brother:dcp-1612wr:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1612wvb_firmware>>-
cpe:2.3:o:brother:dcp-1612wvb_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1612wvb>>-
cpe:2.3:h:brother:dcp-1612wvb:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1615nw_firmware>>-
cpe:2.3:o:brother:dcp-1615nw_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1615nw>>-
cpe:2.3:h:brother:dcp-1615nw:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1616nw_firmware>>-
cpe:2.3:o:brother:dcp-1616nw_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1616nw>>-
cpe:2.3:h:brother:dcp-1616nw:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1617nw_firmware>>-
cpe:2.3:o:brother:dcp-1617nw_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1617nw>>-
cpe:2.3:h:brother:dcp-1617nw:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1618w_firmware>>-
cpe:2.3:o:brother:dcp-1618w_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1618w>>-
cpe:2.3:h:brother:dcp-1618w:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1622we_firmware>>-
cpe:2.3:o:brother:dcp-1622we_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1622we>>-
cpe:2.3:h:brother:dcp-1622we:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1623we_firmware>>-
cpe:2.3:o:brother:dcp-1623we_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1623we>>-
cpe:2.3:h:brother:dcp-1623we:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1623wr_firmware>>-
cpe:2.3:o:brother:dcp-1623wr_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-1623wr>>-
cpe:2.3:h:brother:dcp-1623wr:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-7180dn_firmware>>-
cpe:2.3:o:brother:dcp-7180dn_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-7180dn>>-
cpe:2.3:h:brother:dcp-7180dn:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-7195dw_firmware>>-
cpe:2.3:o:brother:dcp-7195dw_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-7195dw>>-
cpe:2.3:h:brother:dcp-7195dw:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-9030cdn_firmware>>-
cpe:2.3:o:brother:dcp-9030cdn_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-9030cdn>>-
cpe:2.3:h:brother:dcp-9030cdn:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-b7520dw_firmware>>-
cpe:2.3:o:brother:dcp-b7520dw_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-b7520dw>>-
cpe:2.3:h:brother:dcp-b7520dw:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-b7520dw_firmware>>-
cpe:2.3:o:brother:dcp-b7520dw_firmware:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-b7520dw>>-
cpe:2.3:h:brother:dcp-b7520dw:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-b7530dn>>-
cpe:2.3:h:brother:dcp-b7530dn:-:*:*:*:*:*:*:*
Brother Industries, Ltd.
brother
>>dcp-b7530dn_firmware>>-
cpe:2.3:o:brother:dcp-b7530dn_firmware:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://global.brothercve@mitre.org
Vendor Advisory
https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000cve@mitre.org
Vendor Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://global.brother
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100670_000
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

558Records found
CVE-2019-13192
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.85% / 88.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 18:42
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device.

Action-Not Available
Vendor-n/aBrother Industries, Ltd.
Product-mfc-j895dwmfc-l6900dwhl-l6450dwhl-l6400dwtads-2800wdcp-1617nwmfc-l2720dn\(jpn\)mfc-j497dwdcp-t710w\(chn\)_firmwaremfc-j1500n\(jpn\)mfc-j5335dwmfc-l2740dwr_firmwaremfc-l2750dw_firmwaremfc-l3770cdw_firmwaredcp-7195dw_firmwaremfc-l2705dwmfc-j893n_firmwaredcp-1623wr_firmwaremfc-l6900dwx_firmwaredcp-l8410cdw_firmwaremfc-9350cdwmfc-j998dn_firmwarehl-l8260cdndcp-l2560dwrdcp-j982n-bmfc-l5702dw_firmwarehl-l2370dnhl-l2350dw_firmwaremfc-j893nmfc-l2720dw_firmwaremfc-l9570cdw_firmwarehl-l3230cdwhl-b2050dnhl-1211w_firmwaredcp-j572dwdcp-j577ndcp-j973n-wmfc-l2720dwr_firmwaredcp-l2531dw_firmwaremfc-j998dwn_firmwaredcp-l2520dw_firmwaremfc-l2707dwmfc-l9570cdwdcp-j978n-b_firmwaredcp-t710w_firmwaredcp-l2540dw\(jpn\)dcp-1610wvbmfc-l5802dwmfc-9350cdw_firmwaremfc-8530dnmfc-l2705dw_firmwaremfc-1910wmfc-1916nwmfc-j1300dwmfc-l2712dn_firmwaremfc-l3730cdn_firmwaremfc-j995dwmfc-9150cdndcp-l3551cdw_firmwarehl-l8360cdwtmfc-1911wdcp-l6600dwdcp-l2541dw_firmwaremfc-j805dw_xl_firmwaremfc-j6535dwmfc-l2701dwdcp-j982n-w_firmwaredcp-b7535dwmfc-j6947dw_firmwaremfc-l5700dw_firmwaredcp-l5500dnhl-1210wvb_firmwarehl-l9310cdwmfc-l2717dw_firmwarehl-l2395dw_firmwaremfc-l8610cdwmfc-j5730dw_firmwaremfc-l8900cdwmfc-l2685dw_firmwarehl-l6200dwt_firmwaredcp-j772dwhl-l2370dn_firmwaremfc-l2712dwdcp-1610wvb_firmwarehl-j6000cdw\(jpn\)_firmwarehl-l8360cdwt_firmwareads-3000nmfc-j5845dw_xl_firmwaredcp-j978n-w_firmwaredcp-1610wemfc-l8900cdw_firmwaredcp-l2540dnhl-l8360cdw_firmwaremfc-j805dw_firmwaredcp-b7530dndcp-l5650dnmfc-t810w\(chn\)dcp-l8410cdwdcp-1616nwmfc-8540dn_firmwaremfc-l2710dw_firmwaremfc-l5802dw_firmwarehl-l2375dw_firmwarehl-1210wvbmfc-l2713dw_firmwaremfc-l5902dwdcp-l5502dnhl-l2366dw_firmwarehl-1210wr_firmwarehl-l3270cdwdcp-l5600dn_firmwareads-2400n_firmwaremfc-l2720dwrhl-l2375dwhl-l5202dw_firmwaredcp-1610we_firmwaremfc-l2700dw\(oce\)_firmwaremfc-j995dw_xlhl-l8360cdwmfc-j491dwhl-l2385dwmfc-1912wrmfc-l2750dw\(jpn\)_firmwarehl-l6200dwtdcp-1610wrdcp-l3510cdwmfc-l2740dw_firmwarehl-1223we_firmwaremfc-j3530dwads-2800w_firmwaremfc-j6930dw_firmwaremfc-l6702dw_firmwaremfc-l2715dw\(twn\)hl-l5100dnthl-1210w_firmwaremfc-j1500n\(jpn\)_firmwarehl-b2050dn_firmwaredcp-l3550cdw_firmwaremfc-t910dw_firmwaredcp-l2532dw_firmwaremfc-l8610cdw\(jpn\)_firmwaredcp-b7530dn_firmwaremfc-l5755dw_firmwaremfc-l2700dwmfc-l6900dw_firmwaremfc-l5900dw_firmwaredcp-l5652dndcp-l2520dwmfc-l2700dw\(oce\)mfc-l2700dw_firmwarehl-1218whl-l3210cwdcp-l2520dwr_firmwaremfc-j6730dw_firmwarefax-l2700dn\(jpn\)mfc-l2717dwdcp-1618w_firmwaredcp-l2550dn_firmwaredcp-l2541dwhl-l2365dwrmfc-j6530dwdcp-1615nwdcp-7180dn_firmwaremfc-l5850dw_firmwaremfc-l6950dw_firmwarehl-b2080dwmfc-l2680whl-l2360dw_firmwareads-3600w_firmwarefax-l2710dn\(jpn\)_firmwaremfc-j5330dwmfc-l5800dw_firmwarehl-l3290cdwmfc-l2750dwxl_firmwaredcp-1615nw_firmwaremfc-j5335dw_firmwaremfc-l6950dwhl-l8260cdn_firmwaremfc-l2730dwhl-l6400dwxhl-l6250dw_firmwaredcp-1617nw_firmwarehl-l2340dwrmfc-7895dw_firmwaremfc-l2740dw\(jpn\)mfc-1911nw_firmwarehl-l6300dw_firmwaredcp-l3550cdwhl-l2305w_firmwaredcp-1612wemfc-l5700dwmfc-j6535dw_firmwaredcp-j774dwhl-l6200dwmfc-j998dwndcp-j572n_firmwaredcp-l2550dwmfc-l6902dwmfc-7880dn_firmwaremfc-j5845dw_firmwaremfc-j890dw_firmwaremfc-j5330dw_firmwaremfc-j738dwn_firmwarehl-l2380dwmfc-l6750dw_firmwaremfc-l9570cdw\(jpn\)_firmwaredcp-1612wvbdcp-l2540dw_firmwaremfc-l2770dw_firmwarehl-l2395dwdcp-l2551dndcp-l2532dwdcp-l3551cdwmfc-l6900dw\(jpn\)mfc-l3730cdnhl-l3210cw_firmwaredcp-j988n\(jpn\)mfc-l2740dw\(jpn\)_firmwaremfc-j903nmfc-l6900dw\(jpn\)_firmwaremfc-l5750dwdcp-l3517cdwmfc-1911w_firmwaremfc-j497dw_firmwarehl-j6000dwhl-j6000dw_firmwaremfc-l6902dw_firmwaremfc-j995dw_firmwaremfc-j6945dwmfc-j5630cdwhl-1212wr_firmwaremfc-l2740dwrmfc-t910dwmfc-j6947dwmfc-l2712dnmfc-j6935dw_firmwaremfc-l2713dwmfc-l6702dwmfc-l3735cdnmfc-l5755dw\(jpn\)_firmwarehl-3190cdw_firmwaremfc-j6530dw_firmwarehl-l2361dnmfc-j5845dwhl-l2366dwdcp-j774dw_firmwaremfc-j6997cdw\(jpn\)_firmwaremfc-j6999cdw\(jpn\)hl-l6202dw_firmwaremfc-8540dnhl-l8260cdw_firmwaremfc-t4500dwmfc-j738dnmfc-l2700dwr_firmwaredcp-b7520dwmfc-j5930dw_firmwarehl-3160cdw_firmwarehl-l6200dw_firmwaremfc-l2720dwdcp-7180dnmfc-j2330dwhl-5590dnmfc-l8610cdw_firmwaremfc-j690dwmfc-l6900dwgmfc-l2716dwhl-l5200dw_firmwaremfc-9150cdn_firmwaremfc-l2710dnmfc-7880dnhl-l6400dwgmfc-l2771dw_firmwarehl-1223wedcp-l5650dn_firmwaremfc-1919nw_firmwareads-3000n_firmwaremfc-l6700dw_firmwaredcp-9030cdn_firmwaredcp-l2520dwrdcp-j972nmfc-j6999cdw\(jpn\)_firmwaredcp-1612we_firmwaredcp-j973n-b_firmwaremfc-j6980cdw\(jpn\)_firmwaremfc-j898nmfc-j6545dw_firmwaremfc-l2750dw\(jpn\)dcp-l2530dw_firmwaremfc-1910wedcp-l5500dn_firmwaremfc-j805dwmfc-j895dw_firmwarehl-1222wemfc-j898n_firmwaredcp-l2540dnr_firmwarehl-l3230cdnhl-1218w_firmwaredcp-7195dwhl-l6250dn_firmwaredcp-l2551dwhl-l2340dwr_firmwaremfc-1911nwads-3600whl-l2360dnrdcp-l2560dw_firmwaremfc-j1300dw_firmwaremfc-l2710dwhl-2560dndcp-j981n_firmwaremfc-b7715dw_firmwaremfc-l3710cw_firmwarehl-l6402dw_firmwaredcp-l2551dw_firmwaremfc-l2712dw_firmwaremfc-j995dw_xl_firmwaredcp-l2537dw_firmwaremfc-l2732dwmfc-l2750dwhl-l2315dwmfc-l2685dwmfc-l5702dwdcp-l2537dwmfc-j903n_firmwaredcp-1612wvb_firmwaremfc-1912wr_firmwaremfc-l6800dwdcp-l2535dwdcp-l2550dw_firmwarehl-l2352dw_firmwaredcp-j582n_firmwaredcp-l5602dn_firmwaremfc-t4500dw_firmwarehl-2595dw_firmwaremfc-t810whl-l2340dwmfc-j2330dw_firmwarehl-1222we_firmwaremfc-j6580cdw\(jpn\)dcp-1612wr_firmwarehl-l5100dn_firmwaremfc-j5730dwmfc-l6700dwdcp-t510wmfc-j6983cdwhl-l2365dwdcp-j982n-b_firmwaremfc-l6750dwdcp-j978n-wmfc-j6583cdwdcp-l2550dndcp-l2560dwr_firmwaredcp-j988n\(jpn\)_firmwarehl-l2386dw_firmwaremfc-b7720dnhl-l2372dnmfc-l3735cdn_firmwarehl-3160cdwmfc-l6800dw_firmwarehl-l3230cdn_firmwarehl-l2376dwhl-t4000dw_firmwaremfc-l2701dw_firmwaredcp-b7535dw_firmwaredcp-l6600dw_firmwaremfc-1915w_firmwaremfc-l2680w_firmwaremfc-l2732dw_firmwarehl-1212w_firmwaredcp-l2531dwdcp-t510w\(chn\)dcp-l2530dwmfc-j738dwnmfc-j6545dw_xl_firmwaremfc-l6970dwmfc-j738dn_firmwaredcp-j972n_firmwaredcp-1618wdcp-j772dw_firmwaredcp-t510w_firmwaremfc-l5902dw_firmwaremfc-l2716dw_firmwaremfc-l5800dwmfc-j815dw_xlmfc-j5630cdw_firmwaredcp-l3517cdw_firmwaredcp-j973n-bmfc-l3770cdwdcp-l5602dnmfc-l5750dw_firmwarehl-1212wvbmfc-l2730dw_firmwaredcp-j982n-wmfc-j5930dwfax-l2700dn\(jpn\)_firmwarehl-l2361dn_firmwarehl-l6400dwg_firmwaremfc-l9577cdwdcp-1612wrmfc-j805dw_xlmfc-l2720dn\(jpn\)_firmwaremfc-j6995cdw\(jpn\)_firmwaremfc-j6583cdw_firmwaremfc-j1605dn_firmwarehl-l6400dwdcp-l2535dw_firmwarehl-l6300dwdcp-1610wr_firmwaremfc-j491dw_firmwarehl-l5202dwdcp-j1100dwmfc-j6545dwdcp-l5600dndcp-j978n-bdcp-l3510cdw_firmwaremfc-l2703dw_firmwaremfc-l2730dn\(jpn\)hl-l5100dnmfc-j3930dwmfc-j3930dw_firmwaremfc-j6995cdw\(jpn\)mfc-j5830dwdcp-l2552dnmfc-j5945dw_firmwarehl-l2350dwhl-l3230cdw_firmwaredcp-l2540dwdcp-l2551dn_firmwaremfc-l5755dwmfc-j6930dwhl-l2340dw_firmwaredcp-1610w_firmwaredcp-l2560dwhl-l2365dw_firmwaremfc-j998dnhl-l6300dwt_firmwaremfc-l5850dwhl-j6100dwmfc-j6545dw_xldcp-j572nmfc-l3745cdw_firmwarehl-l2376dw_firmwaremfc-j5845dw_xldcp-1616nw_firmwarehl-l2360dnhl-l5200dwtmfc-l8610cdw\(jpn\)hl-l5595dnhl-t4000dwhl-l2371dnhl-l5200dwt_firmwarehl-l6402dwmfc-b7715dwdcp-1623wrhl-1212we_firmwaremfc-1916nw_firmwaredcp-t710wmfc-j6980cdw\(jpn\)hl-l2315dw_firmwaredcp-l2540dw\(jpn\)_firmwarehl-l5595dn_firmwarehl-l9310cdw_firmwarehl-l5102dwmfc-b7720dn_firmwarehl-l2365dwr_firmwaremfc-l3710cwhl-l6202dwmfc-l5700dnhl-l2370dw_firmwaremfc-l2770dwmfc-j6945dw_firmwarehl-1210wrmfc-l2750dwxlmfc-l5900dwhl-l2370dwdcp-1610whl-l5102dw_firmwaremfc-j2730dw_firmwarehl-1210wehl-l2305wdcp-l2540dn_firmwarehl-2560dn_firmwaredcp-l2550dw\(jpn\)_firmwarehl-j6100dw_firmwaremfc-j3530dw_firmwaremfc-j5830dw_firmwarehl-l2385dw_firmwarehl-l5200dwdcp-b7520dw_firmwaredcp-1612wmfc-j6983cdw_firmwaredcp-j582nhl-1210whl-l2386dwhl-1210we_firmwaremfc-j890dwmfc-j5945dwfax-l2710dn\(jpn\)mfc-1910w_firmwaremfc-j2730dwmfc-1910we_firmwarehl-l2371dn_firmwarehl-l2360dn_firmwaremfc-l2752dw_firmwarehl-l2351dw_firmwarehl-l2370dwxlmfc-l2751dwmfc-j1605dnhl-l6450dw_firmwaredcp-j973n-w_firmwaremfc-j6580cdw\(jpn\)_firmwaremfc-l2710dn_firmwarehl-1212wvb_firmwarehl-l2357dw_firmwaremfc-l6900dwg_firmwaremfc-l2703dwhl-l6400dwx_firmwarehl-l5100dnt_firmwarehl-3190cdwhl-l6400dwt_firmwaremfc-1915wmfc-l8690cdw_firmwaremfc-l3750cdw_firmwaremfc-l2730dn\(jpn\)_firmwaredcp-9030cdnmfc-l9577cdw_firmwarehl-l2390dw_firmwaremfc-l3750cdwhl-1212wdcp-t510w\(chn\)_firmwaremfc-t810w\(chn\)_firmwaremfc-8535dn_firmwaremfc-1919nwmfc-t810w_firmwarehl-l2370dwxl_firmwarehl-l8260cdwhl-j6000cdw\(jpn\)mfc-l2700dndcp-l2552dn_firmwaremfc-l2700dn_firmwaredcp-l5652dn_firmwaremfc-l2771dwdcp-1612w_firmwaremfc-l6970dw_firmwarehl-1211wmfc-l3745cdwmfc-l2707dw_firmwaremfc-l8690cdwdcp-l2540dnrdcp-j577n_firmwaredcp-j1100dw_firmwarehl-l6400dw_firmwaredcp-t710w\(chn\)dcp-j572dw_firmwarehl-2595dwhl-l2360dnr_firmwarehl-l2351dwmfc-l2715dw_firmwaremfc-j6730dwhl-5590dn_firmwaremfc-8535dnmfc-l5700dn_firmwareads-2400ndcp-1622wemfc-l9570cdw\(jpn\)mfc-l2740dwmfc-j815dw_xl_firmwarehl-b2080dw_firmwaremfc-l2700dnrmfc-l2751dw_firmwaremfc-j6997cdw\(jpn\)hl-l2372dn_firmwarehl-1212wemfc-l2700dnr_firmwaredcp-1622we_firmwaremfc-j6935dwdcp-l2550dw\(jpn\)mfc-l2715dwmfc-l2752dwdcp-j981ndcp-1623wemfc-8530dn_firmwarehl-l6250dwmfc-7895dwmfc-j690dw_firmwaredcp-l5502dn_firmwarehl-l6300dwtmfc-l2700dwrdcp-1623we_firmwarehl-l3290cdw_firmwaremfc-l5755dw\(jpn\)hl-l6250dnhl-l2352dwhl-l2360dwhl-l2380dw_firmwaremfc-l2715dw\(twn\)_firmwaremfc-l6900dwxhl-l2390dwhl-l2357dwhl-l3270cdw_firmwarehl-1212wrn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23566
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.39% / 60.25%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:32
Updated-22 Apr, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds write in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-26096
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.53% / 67.18%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:57
Updated-25 Oct, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisandboxFortinet FortiSandbox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4496
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.91%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 06:00
Updated-27 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formWifiMacFilterSet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263085 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-41766
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.67%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 08:18
Updated-11 Mar, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack buffer overflow on parsing web request

A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.

Action-Not Available
Vendor-mbs-solutionsMBS
Product-ubr-02ubr-lonuniversal_bacnet_router_firmwareubr-01_mk_iiUBR-01 Mk IIUBR-LONUBR-02
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47384
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-3.06% / 86.85%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:46
Updated-17 Jul, 2025 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to stack based out-of-bounds write

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-0927
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.77%
||
7 Day CHG+0.03%
Published-23 Mar, 2025 | 15:00
Updated-22 Jan, 2026 | 16:58
Rejected-08 Apr, 2025 | 08:07
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Filesystem bugs due to corrupt images are not considered a CVE for any filesystem that is only mountable by CAP_SYS_ADMIN in the initial user namespace. That includes delegated mounting.

Action-Not Available
Vendor-Linux Kernel Organization, IncCanonical Ltd.
Product-
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21901
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.24%
||
7 Day CHG~0.00%
Published-22 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-garrettn/a
Product-ic_module_cmaGarrett Metal Detectors
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46341
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.94% / 76.43%
||
7 Day CHG-0.17%
Published-14 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectX.Org FoundationRed Hat, Inc.
Product-enterprise_linuxfedorax_serverdebian_linuxxorg-x11-server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21906
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.2||HIGH
EPSS-0.38% / 59.69%
||
7 Day CHG+0.10%
Published-22 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function.

Action-Not Available
Vendor-garrettn/a
Product-ic_module_cmaGarrett Metal Detectors
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20039
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-8.8||HIGH
EPSS-2.88% / 86.45%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 02:34
Updated-23 Apr, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6763mt6890mt8765mt8788mt2735mt8792mt8796mt6980dmt6762mt6298mt6765tmt6297mt6762dmt2731mt6983mt6785umt6768mt6762mmt6990mt8673mt6893mt8675mt8791tmt6889mt8676mt6765mt6781lr12amt8791mt6771mt8768mt6853mt6885lr13mt6813mt6895mt6785tmt6769tmt6835mt6855mt6875mt6873mt6769zmt6886nr16mt6896mt6779mt6985mt6895tmt8766mt6877mt6783mt8786mt6815mt6789mt6833mt8798mt6883mt6875tmt6785mt6897mt6879mt2737mt6989mt3967mt6986dmt6761nr17mt6986nr15mt8797mt6739mt8781mt6769mt8666mt6767mt8667mt6891mt6980mt6880MT2731, MT2735, MT2737, MT3967, MT6297, MT6298, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6986, MT6986D, MT6989, MT6990, MT8666, MT8667, MT8673, MT8675, MT8676, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8791, MT8791T, MT8792, MT8796, MT8797, MT8798nr17lr13lr12anr15nr16
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20048
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-8.8||HIGH
EPSS-1.36% / 80.39%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 03:00
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall. This vulnerability affected SonicOS Gen 5, Gen 6 and Gen 7 firmware versions.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz670tz500wsonicosnsa_3700nsa_2700nssp_15700nsa_6700tz300nsa_9250tz400tz350wnsa_9450nsv_25tz300wnsa_6650nsv_100nssp_12800nssp_13700nsa_2650nsa_4650tz400wtz470tz570nssp_12400supermassive_e10200tz600psupermassive_e10800soho_250nsa_3650supermassive_e10400nsv_270nsv_200nsv_50nsv_470nsa_4700nsv_400tz270wnsv_1600tz600supermassive_9800tz570wtz300ptz350supermassive_9600tz570pnsv_800supermassive_9200tz370nsv_300tz470wsupermassive_9400nsv_10tz370wnsa_5650nsv_870tz500soho_250wtz270nsa_9650SonicOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20043
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-8.8||HIGH
EPSS-4.93% / 89.72%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 09:55
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_410_firmwaresma_210sma_410sma_400_firmwaresma_210_firmwaresma_500v_firmwaresma_500vsma_200_firmwaresma_200sma_400SonicWall SMA100
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1181
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1335
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1187
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1202
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:15
Updated-12 Nov, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1200
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:15
Updated-12 Nov, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1207
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:15
Updated-12 Nov, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1170
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-12 Nov, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1193
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:22
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21740
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.6||HIGH
EPSS-0.31% / 54.53%
||
7 Day CHG~0.00%
Published-03 Feb, 2022 | 14:30
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Action-Not Available
Vendor-n/aGoogle LLC
Product-tensorflown/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1215
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1307
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:45
Updated-12 Nov, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1192
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1210
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1159
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:37
Updated-12 Nov, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1360
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:46
Updated-12 Nov, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1174
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:35
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1183
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1161
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-12 Nov, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1163
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-12 Nov, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1197
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:22
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1172
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:35
Updated-12 Nov, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-4974
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.09% / 25.54%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 19:52
Updated-31 Mar, 2026 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac7_firmwareac7AC7
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1212
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1191
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1171
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:35
Updated-12 Nov, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1176
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:35
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1184
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:21
Updated-12 Nov, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1216
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1196
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:22
Updated-12 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1214
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1337
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.49% / 65.69%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:41
Updated-08 Nov, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv042_dual_wan_vpn_router_firmwarerv016_multi-wan_vpn_router_firmwarerv042_dual_wan_vpn_routerrv082_dual_wan_vpn_router_firmwarerv325_dual_gigabit_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv016_multi-wan_vpn_routerrv320_dual_gigabit_wan_vpn_routerrv320_dual_gigabit_wan_vpn_router_firmwarerv042g_dual_gigabit_wan_vpn_routerrv325_dual_gigabit_wan_vpn_routerrv042g_dual_gigabit_wan_vpn_router_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1203
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.27% / 50.06%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:15
Updated-12 Nov, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5042
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.11% / 28.50%
||
7 Day CHG~0.00%
Published-29 Mar, 2026 | 10:30
Updated-30 Mar, 2026 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Belkin F9K1122 Parameter formCrossBandSwitch stack-based overflow

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Belkin International, Inc.
Product-f9k1122_firmwaref9k1122F9K1122
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1167
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-6.31% / 91.06%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-08 Nov, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1194
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:22
Updated-12 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1165
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-12 Nov, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1162
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.43% / 63.09%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:36
Updated-12 Nov, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwareapplication_extension_platformrv130_vpn_routerrv130_vpn_router_firmwarerv215w_wireless-n_vpn_routerrv110wrv215w_wireless-n_vpn_router_firmwarerv110w_firmwarerv130wCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found