Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20073

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

Published

2023-04-05T16:15:07.720

Last Modified

2024-11-21T07:40:29.387

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-434
Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	rv340_firmware	≤ 1.0.03.29	Yes
Hardware	cisco	rv340	-	No
Operating System	cisco	rv340w_firmware	≤ 1.0.03.29	Yes
Hardware	cisco	rv340w	-	No
Operating System	cisco	rv345_firmware	≤ 1.0.03.29	Yes
Hardware	cisco	rv345	-	No
Operating System	cisco	rv345p_firmware	≤ 1.0.03.29	Yes
Hardware	cisco	rv345p	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)