Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20705

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Published

2022-02-10T18:15:09.307

Last Modified

2024-11-21T06:43:22.260

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	rv340_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv340	-	No
Operating System	cisco	rv340w_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv340w	-	No
Operating System	cisco	rv345_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv345	-	No
Operating System	cisco	rv345p_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv345p	-	No
Operating System	cisco	rv160_firmware	≤ 1.0.01.05	Yes
Hardware	cisco	rv160	-	No
Operating System	cisco	rv160w_firmware	≤ 1.0.01.05	Yes
Hardware	cisco	rv160w	-	No
Operating System	cisco	rv260_firmware	≤ 1.0.01.05	Yes
Hardware	cisco	rv260	-	No
Operating System	cisco	rv260p_firmware	≤ 1.0.01.05	Yes
Hardware	cisco	rv260p	-	No
Operating System	cisco	rv260w_firmware	≤ 1.0.01.05	Yes
Hardware	cisco	rv260w	-	No

References

http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-409/ Third Party Advisory, VDB Entry ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-410/ Third Party Advisory, VDB Entry ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-415/ Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-409/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-410/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-415/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)