The vulnerability of the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W lies in insufficient validation of input data. This allows an attacker to execute arbitrary code or trigger a service failure by sending specially crafted HTTP packets.

🗓️ 17 Jun 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Cisco RV routers web interface vulnerability from input validation; allows code execution.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-20825	15 Jun 202223:00	–	attackerkb
Circl	CVE-2022-20825	20 Jun 202214:30	–	circl
Cisco	Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability	15 Jun 202216:00	–	cisco
CNNVD	Cisco Small Business 缓冲区错误漏洞	15 Jun 202200:00	–	cnnvd
CNVD	Multiple Cisco Small Business Products Denial of Service Vulnerabilities	17 Jun 202200:00	–	cnvd
CVE	CVE-2022-20825	15 Jun 202217:55	–	cve
Cvelist	CVE-2022-20825 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability	15 Jun 202217:55	–	cvelist
EUVD	EUVD-2022-26075	3 Oct 202520:07	–	euvd
NVD	CVE-2022-20825	15 Jun 202218:15	–	nvd
Prion	Input validation	15 Jun 202218:15	–	prion

Source	Link
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-20825
web	www.web.nvd.nist.gov/view/vuln/detail

17 Jun 2022 00:00Current

8.4High risk

Vulners AI Score8.4

CVSS 39.8

CVSS 210

EPSS0.04392

Small Business Routers Web Interface Input Validation Code Execution Web Requests