Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability
CVE-2023-20073

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Small Business Rv Series Router Firmware
Vendor: CVE Published:; 5 April 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 11%

Summary

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

Affected Version(s)

Cisco Small Business RV Series Router Firmware

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-20073
Created by RegularITCat

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Aug 18, 2023
👾
Exploit known to exist
Aug 18, 2023
Vulnerability published
Apr 5, 2023
Vulnerability Reserved
Oct 27, 2022