Cisco RV340/RV345 Vulnerability: Arbitrary Code Execution via HTTP Requests

CVE-2024-20416

6.5MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Small Business Rv Series Router Firmware
Vendor: CVE Published:; 17 July 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.

Affected Version(s)

Cisco Small Business RV Series Router Firmware =

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 17, 2024
Vulnerability Reserved.
Nov 8, 2023
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database