Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities
CVE-2023-20117
7.2HIGH
What is CVE-2023-20117?
The web-based management interface of Cisco's Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contains multiple vulnerabilities that may allow authenticated remote attackers to inject and execute arbitrary commands on the device's underlying operating system. The root cause of these vulnerabilities lies in insufficient input validation, enabling attackers to send malicious inputs to the affected routers. Successful exploitation of these vulnerabilities requires valid Administrator credentials and can lead to executing commands with root privileges on the Linux operating system. Cisco has not yet provided software updates to mitigate these vulnerabilities.
Affected Version(s)
Cisco Small Business RV Series Router Firmware