How severe is CVE-2021-1296?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-1296?

This is classified as CWE-36, which is a common weakness in software security.

CVE-2021-1296 - HIGH Severity | CVSS 7.5

Vulnerability Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

Related Vulnerabilities

CVE-2021-1297

HIGH

CVSS:7.5(High)

CWE-362021

CVE-2023-2765

HIGH

CVSS:7.5(High)

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the...

CWE-362023

CVE-2023-4172

HIGH

CVSS:7.5(High)

A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\...

CWE-362023

CVE-2024-11978

HIGH

CVSS:7.5(High)

DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

CWE-362024

CVE-2024-13159

HIGH

CVSS:7.5(High)

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CWE-362024

CVE-2024-13160

HIGH

CVSS:7.5(High)

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CWE-362024