{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T14:12:03.784","vulnerabilities":[{"cve":{"id":"CVE-2021-1297","sourceIdentifier":"psirt@cisco.com","published":"2021-02-04T17:15:15.777","lastModified":"2024-11-21T05:44:01.977","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device."},{"lang":"es","value":"Múltiples vulnerabilidades en la interfaz de administración basada en web de los Enrutadores VPN Cisco Small Business RV160, RV160W, RV260, RV260P y RV260W, podrían permitir a un atacante remoto no autenticado llevar a cabo ataques de salto de directorio y sobrescribir ciertos archivos que deben ser restringido en un sistema afectado. Estas vulnerabilidades son debido a una comprobación insuficiente de la entrada. Un atacante podría explotar estas vulnerabilidades mediante el uso de la interfaz de administración basada en web para cargar un archivo en la ubicación de un dispositivo afectado al que no debería tener acceso. Una explotación con éxito podría permitir al atacante sobrescribir archivos en el sistema de archivos del dispositivo afectado"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:C/A:C","baseScore":9.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":9.2,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-36"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv160w_wireless-ac_vpn_router_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.01.02","matchCriteriaId":"FC3486B1-44A9-4DCD-B8F4-58FD110C4AA6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv160w_wireless-ac_vpn_router:-:*:*:*:*:*:*:*","matchCriteriaId":"76FA810D-A396-4844-85E7-9293B0559269"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv260_vpn_router_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.01.02","matchCriteriaId":"5D913D1B-9600-440A-AF22-AC862331EFB3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv260_vpn_router:-:*:*:*:*:*:*:*","matchCriteriaId":"B2374731-08B0-47A4-BD8F-DB6C67ECF785"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv260p_vpn_router_with_poe_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.01.02","matchCriteriaId":"01A1C982-8295-4266-BFDB-7ADA9EF1A28F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv260p_vpn_router_with_poe:-:*:*:*:*:*:*:*","matchCriteriaId":"1A695DCE-ACFE-4437-BA0E-FBF6E379FF91"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv260w_wireless-ac_vpn_router_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.01.02","matchCriteriaId":"95BDC2EA-251E-4A33-9409-3D838C7C135F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv260w_wireless-ac_vpn_router:-:*:*:*:*:*:*:*","matchCriteriaId":"A4F17A5C-FFA3-4E87-9015-FA90ED6E2C71"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:rv160_vpn_router_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.01.02","matchCriteriaId":"C37623FE-BDD5-42D9-A520-456020A8DCA9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:rv160_vpn_router:-:*:*:*:*:*:*:*","matchCriteriaId":"5FD7FED8-F2E5-449F-98C8-E629B0174A8D"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}