Cisco addressed multiple pre-auth remote code execution (RCE) flaws in its small business VPN routers, the most severe of which could allow arbitrary code execution as the root user of an affected device. Tracked as CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, and CVE-2021-1295, the vulnerabilities exists due to improper validation of HTTP requests to the continue reading : Cisco Small Business VPN Router Vulnerabilities
