Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20007

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the web-based management process to restart, resulting in a DoS condition.

Published

2023-01-20T07:15:12.757

Last Modified

2024-11-21T07:40:19.730

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-120
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	rv340_firmware	< 1.0.03.29	Yes
Hardware	cisco	rv340	-	No
Operating System	cisco	rv340w_firmware	< 1.0.03.29	Yes
Hardware	cisco	rv340w	-	No
Operating System	cisco	rv345_firmware	< 1.0.03.29	Yes
Hardware	cisco	rv345	-	No
Operating System	cisco	rv345p_firmware	< 1.0.03.29	Yes
Hardware	cisco	rv345p	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)