416 matches found
EUVD-2020-24540
Malware in sbrugna...
EUVD-2020-24539
Malware in sbrugna...
VulnCheck KEV: CVE-2023-20118
Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data...
CVE-2020-3431 Cisco Small Business RV Series Routers Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based...
CVE-2024-20524
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service DoS condition. To exploit...
CVE-2023-20146
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20150
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20148
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
PT-2023-2156 · Cisco · Cisco Small Business Rv082 +5
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers affected versions not specified Description: The issue exists due to insufficient input validation by the web-based management interface, allowing an unauthenticated,...
CVE-2023-20149 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20145
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers expose web‑based management interface XSS vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could lure a user to a crafted page and execute arbitrary script in the interface context ...
CVE-2023-20144
CVE-2023-20144 affects Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers. The web-based management interface has multiple XSS vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could send crafted HTTP requests and persuade a user to ...
CVE-2023-20142
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers are affected by stored XSS in the web-based management interface due to insufficient input validation. An unauthenticated, remote attacker can send crafted HTTP requests and persuade a user to visit pages containing malici...
CVE-2023-20145 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
CVE-2023-20147
CVE-2023-20147 concerns multiple XSS vulnerabilities in the web-based management interfaces of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers. Root cause: insufficient input validation in the web interface, enabling an unauthenticated, remote attacker to craft HTTP req...
CVE-2023-20150 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...
Cisco Small Business 跨站脚本漏洞
Cisco Small Business is a switch from Cisco USA. A security vulnerability exists in the Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325, which stems from insufficient validation of inputs to the web-based management interface...
Metasploit Wrap-Up
Cisco RV Series Auth Bypass and Command Injection Thanks to community contributor neterum, Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 and a...
Cisco RV Series Authentication Bypass and Command Injection
This module exploits two vulnerabilities, a session ID directory traversal authentication bypass CVE-2022-20705 and a command injection vulnerability CVE-2022-20707, on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user...