Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities
CVE-2023-20117

7.2HIGH

Key Information:

Vendor
Cisco
Status
Cisco Small Business Rv Series Router Firmware
Vendor
CVE Published:
5 April 2023

Badges

๐Ÿ‘พ Exploit Exists

Summary

The web-based management interface of Cisco's Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contains multiple vulnerabilities that may allow authenticated remote attackers to inject and execute arbitrary commands on the device's underlying operating system. The root cause of these vulnerabilities lies in insufficient input validation, enabling attackers to send malicious inputs to the affected routers. Successful exploitation of these vulnerabilities requires valid Administrator credentials and can lead to executing commands with root privileges on the Linux operating system. Cisco has not yet provided software updates to mitigate these vulnerabilities.

Affected Version(s)

Cisco Small Business RV Series Router Firmware

References

https://sec.cloudapps.cisco.com/security/center/content/C...
vendor-advisory

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.