Cisco Small Business Routers Vulnerable to Remote Reload Attack
CVE-2024-20524
Key Information:
- Vendor: Cisco
- CVE Published: 2 October 2024
What is CVE-2024-20524?
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
Affected Version(s)
Cisco Small Business RV Series Router Firmware 4.0.2.08-tm
Cisco Small Business RV Series Router Firmware 4.2.3.08
Cisco Small Business RV Series Router Firmware 4.1.1.01