Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Vulnerable to RCE

On August 18, Cisco published an advisory for CVE-2021-34730, a remote command execution and denial of service vulnerability in Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. It received a CVSSv3 score of 9.8.

According to Cisco, “An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.” At this time, no public exploits have been reported, but may be forthcoming. We will provide updates as necessary. Because the impacted products are end of life, Cisco will not be releasing any patches for this vulnerability. 

The UPnP feature must be enabled for the device to be vulnerable. The feature is enabled by default on LAN devices, but disabled by default on WAN devices. Cisco’s advisory includes guidance on how to determine and modify the UPnP configuration of the routers. You can scan for these end-of-life devices using Plugin 148445.