Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities
CVE-2023-20128

7.2HIGH

Key Information:

Vendor: Cisco
Status: Cisco Small Business Rv Series Router Firmware
Vendor: CVE Published:; 5 April 2023

Badges

👾 Exploit Exists

Summary

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers, allowing an authenticated remote attacker to inject and execute arbitrary commands on the device's underlying operating system. These vulnerabilities arise from insufficient validation of user-supplied inputs, enabling attackers with valid Administrator credentials to exploit the flaws by submitting malicious input. A successful attack could grant unauthorized root access to the system, leading to severe security risks. As of now, Cisco has not provided any software updates to mitigate these vulnerabilities.

Affected Version(s)

Cisco Small Business RV Series Router Firmware

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Oct 28, 2024
Vulnerability published
Apr 5, 2023
Vulnerability Reserved
Oct 27, 2022