Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20701

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Published

2022-02-10T18:15:09.087

Last Modified

2025-02-24T15:23:58.563

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	rv340_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv340	-	No
Operating System	cisco	rv340w_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv340w	-	No
Operating System	cisco	rv345_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv345	-	No
Operating System	cisco	rv345p_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv345p	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-412/ Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-412/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)