Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20707

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Published

2022-02-10T18:15:09.413

Last Modified

2024-11-21T06:43:22.573

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	rv340_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv340	-	No
Operating System	cisco	rv340w_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv340w	-	No
Operating System	cisco	rv345_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv345	-	No
Operating System	cisco	rv345p_firmware	≤ 1.0.03.24	Yes
Hardware	cisco	rv345p	-	No

References

http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-409/ Third Party Advisory, VDB Entry ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-411/ Third Party Advisory, VDB Entry ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-419/ Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-409/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-411/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-419/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)