Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities
CVE-2023-20117

7.2HIGH

Key Information:

Vendor: Cisco
Status: Cisco Small Business Rv Series Router Firmware
Vendor: CVE Published:; 5 April 2023

Badges

👾 Exploit Exists

What is CVE-2023-20117?

The web-based management interface of Cisco's Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contains multiple vulnerabilities that may allow authenticated remote attackers to inject and execute arbitrary commands on the device's underlying operating system. The root cause of these vulnerabilities lies in insufficient input validation, enabling attackers to send malicious inputs to the affected routers. Successful exploitation of these vulnerabilities requires valid Administrator credentials and can lead to executing commands with root privileges on the Linux operating system. Cisco has not yet provided software updates to mitigate these vulnerabilities.

Affected Version(s)

Cisco Small Business RV Series Router Firmware

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 28, 2024
Vulnerability published
Apr 5, 2023
Vulnerability Reserved
Oct 27, 2022