CVE-2021-1309

CVE Database · CVE-2021-1309

CVE-2021-1309

· HIGHModified

CVSS v3.1

7.4

EPSS

0.52%

Published

Apr 8, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-119CWE-401

Affected Products (44)

cisco · rv132w_firmwarevulnerable

cisco · rv132w

cisco · rv134w_firmwarevulnerable

cisco · rv134w

cisco · rv160_firmwarevulnerable

cisco · rv160_firmware

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs