Original Issue Date: August 24, 2021
Severity Rating: HIGH
Component Affected
RV110W Wireless-N VPN Firewalls
RV130 VPN Routers
RV130W Wireless-N Multifunction VPN Routers
RV215W Wireless-N VPN Routers
Overview
A vulnerability has been reported in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers which could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
Description
This vulnerability exists in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers due to improper validation of incoming UPnP traffic. It could allow the attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.
Solution
Apply appropriate updates as mentioned in:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5