qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Cisco-RV340-RCE-(CVE-2021-1...

73 lines
3.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Cisco RV340 RCE (CVE-2021-1473)",
"Description": "<p>The Cisco RV34x series dual wide area network (WAN) gigabit virtual private network (VPN) security routers are next-generation high-performance routers. Terminal devices and applications can be identified and processed according to user-defined policies to improve productivity and optimize network usage.</p><p>Cisco RV34X Series - Authentication Bypass and Remote Command Execution.</p>",
"Product": "Cisco",
"Homepage": "https://www.cisco.com",
"DisclosureDate": "2021-05-27",
"Author": "1291904552@qq.com",
"FofaQuery": "app=\"CISCO-RV340\" || app=\"CISCO-RV340W\" || app=\"CISCO-RV345\" || app=\"CISCO-RV345P\"",
"GobyQuery": "app=\"CISCO-RV340\" || app=\"CISCO-RV340W\" || app=\"CISCO-RV345\" || app=\"CISCO-RV345P\"",
"Level": "3",
"Impact": "<p>Cisco RV34X Series - Authentication Bypass and Remote Command Execution.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Cisco RV340 远程命令执行漏洞 CVE-2021-1473",
"VulType": [
"命令执行"
],
"Description": "<p>Cisco RV34x系列双重广域网(WAN)千兆位虚拟专用网络(VPN)安全路由器是下一代高性能路由器。可以根据用户定义的策略识别和处理终端设备和应用程序,以提高生产力和优化网络使用。</p><p>Cisco RV34X 系列 - 身份验证绕过和远程命令执行。</p>",
"Impact": "<p>Cisco RV34X 系列 - 身份验证绕过和远程命令执行。</p>",
"Product": "Cisco",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Cisco RV340 RCE (CVE-2021-1473)",
"VulType": [
"rce"
],
"Description": "<p>The Cisco RV34x series dual wide area network (WAN) gigabit virtual private network (VPN) security routers are next-generation high-performance routers. Terminal devices and applications can be identified and processed according to user-defined policies to improve productivity and optimize network usage.</p><p>Cisco RV34X Series - Authentication Bypass and Remote Command Execution.",
"Impact": "<p>Cisco RV34X Series - Authentication Bypass and Remote Command Execution.</p>",
"Product": "Cisco",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://www.iot-inspector.com/blog/advisory-cisco-rv34x-authentication-bypass-remote-command-execution/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "id"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-1472",
"CVE-2021-1473"
],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": ["Cisco RV340"]
},
"CNNVD": [
""
],
"CNVD": [
""
]
}
Reference in New Issue View Git Blame Copy Permalink