Input validation

2020-09-2301:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.7%

JSON

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user.

CPENameOperatorVersion
rv016_multi-wan_vpn_firmwarelt4.2.3.10
rv042_dual_wan_vpnlt4.2.3.10
rv042g_dual_gigabit_wan_vpn_firmwarelt4.2.3.10
rv082_dual_wan_vpn_router_firmwarelt4.2.3.10
rv320_firmwarelt1.5.1.05
rv325_firmwarelt1.5.1.05

Name	Operator	Version
rv016_multi-wan_vpn_firmware	lt	4.2.3.10
rv042_dual_wan_vpn	lt	4.2.3.10
rv042g_dual_gigabit_wan_vpn_firmware	lt	4.2.3.10
rv082_dual_wan_vpn_router_firmware	lt	4.2.3.10
rv320_firmware	lt	1.5.1.05
rv325_firmware	lt	1.5.1.05