CVE-2021-1541— Cisco Small Business 220 Series Smart Switches Vulnerabilities
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-1541
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Small Business 220 Series Smart Switches Vulnerabilities
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Small Business 220 Series Smart Switches 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Small Business 220 Series Smart Switches是美国思科(Cisco)公司的一款小型智能交换机设备。 Cisco Small Business 220 Series Smart Switches存在授权问题漏洞,该漏洞源于缺乏对 TFTP 配置参数的参数验证。利用该漏洞允许攻击者以 root 用户身份在底层操作系统上执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Small Business 220 Series Smart Plus Switches | n/a | - |
II. Public POCs for CVE-2021-1541
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-1541
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5Evendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2021-1541
Same Patch Batch · Cisco · 2021-06-16 · 11 CVEs total
| CVE-2021-1566 | 7.4 HIGH | Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vul |
| CVE-2021-1542 | 7.2 HIGH | Cisco Small Business 220 Series Smart Switches Vulnerabilities |
| CVE-2021-1543 | 7.2 HIGH | Cisco Small Business 220 Series Smart Switches Vulnerabilities |
| CVE-2021-1571 | 7.2 HIGH | Cisco Small Business 220 Series Smart Switches Vulnerabilities |
| CVE-2021-1567 | 7.0 HIGH | Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL |
| CVE-2021-1569 | 6.5 MEDIUM | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities |
| CVE-2021-1570 | 6.5 MEDIUM | Cisco Jabber Desktop and Mobile Client Software Vulnerabilities |
| CVE-2021-1568 | 5.5 MEDIUM | Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability |
| CVE-2021-1395 | 4.7 MEDIUM | Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability |
| CVE-2021-1524 | 4.3 MEDIUM | Cisco Meeting Server API Denial of Service Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco Small Business 220 Series Smart Plus Switches
- CVE-2021-34744
Cisco Business 220 Series Smart Switches Static Key and Pass - CVE-2021-34757
Cisco Business 220 Series Smart Switches Static Key and Pass - CVE-2021-1542
Cisco Small Business 220 Series Smart Switches Vulnerabiliti - CVE-2021-1543
Cisco Small Business 220 Series Smart Switches Vulnerabiliti - CVE-2021-1571
Cisco Small Business 220 Series Smart Switches Vulnerabiliti
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2021-1541
No comments yet