Lucene search
K
CiscoRv340 Firmware

35 matches found

CVE
CVE
added 2022/02/10 5:6 p.m.1255 views

CVE-2022-20701

CVE-2022-20701 discusses multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. Affected components include the SSL VPN module and the web-based management interface, with issues in image verification. Consequences stated across sources include remote code...

10CVSS9.3AI score0.09747EPSS
In wild
CVE
CVE
added 2022/02/10 5:6 p.m.1189 views

CVE-2022-20699

CVE-2022-20699 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The available connected materials indicate a stack-based buffer overflow in the RV340 SSL VPN functionality, leading to unauthenticated remote code execution with root-level impact on the device. Metasploit also d...

10CVSS9.9AI score0.72458EPSS
In wild
CVE
CVE
added 2022/02/10 5:6 p.m.1133 views

CVE-2022-20703

CVE-2022-20703 applies to Cisco Small Business RV160, RV260, RV340 and RV345 Series Routers. The issue is a trust/verification weakness in the software image loading process that can allow an unauthenticated attacker to install and boot a malicious or unsigned image, enabling possible arbitrary c...

10CVSS9.3AI score0.09203EPSS
In wild
CVE
CVE
added 2022/02/10 5:6 p.m.1090 views

CVE-2022-20700

CVE-2022-20700 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The Cisco advisory (KA9PK6D) documents a set of vulnerabilities in the management interface and SSL VPN/firmware image verification that can enable arbitrary code execution, privilege escalation, arbitrary command...

10CVSS10AI score0.05655EPSS
In wild
CVE
CVE
added 2022/02/10 5:6 p.m.1062 views

CVE-2022-20708

CVE-2022-20708 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. Vulnerabilities allow arbitrary code execution, privilege escalation, arbitrary command execution, bypass of authentication/authorization, installation of unsigned software, and DoS, via issues in the web-based ma...

10CVSS9.3AI score0.14863EPSS
In wild
CVE
CVE
added 2025/04/16 9:34 p.m.736 views

CVE-2025-32433

The CVE-2025-32433 issue affects Erlang/OTP’s SSH server and is caused by a flaw in SSH message handling during authentication, enabling an unauthenticated attacker to execute arbitrary commands with the SSH daemon’s privileges (potentially root). Affected OTP versions include OTP-27.3.2?3, OTP-2...

10CVSS9.9AI score0.97859EPSS
In wild
CVE
CVE
added 2022/08/10 8:12 a.m.268 views

CVE-2022-20827

CVE-2022-20827 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. It is part of a set of vulnerabilities that allow an unauthenticated, remote attacker to either execute arbitrary code or cause a DoS. The root cause is insufficient input validation in the web filter database upd...

10CVSS9.7AI score0.01664EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.255 views

CVE-2022-20705

CVE-2022-20705 affects Cisco Small Business RV160, RV260, RV340, and RV345 series routers. Connected docs confirm a session ID directory traversal authentication bypass (and related CVE-2022-20707) exploited by a Metasploit module to execute arbitrary commands with web server privileges, on firmw...

10CVSS9.9AI score0.80031EPSS
In wild
CVE
CVE
added 2021/04/08 4:6 a.m.245 views

CVE-2021-1473

Cisco Small Business RV Series Routers (RV16X/RV26X, RV34X, etc.) web management has multiple vulnerabilities (CVE-2021-1473) allowing remote command execution via the web interface, including an authentication bypass and file upload on upload.cgi. Exploitation can enable arbitrary OS commands; s...

9.8CVSS8.3AI score0.64161EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.244 views

CVE-2023-20073

CVE-2023-20073 affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability stems from insufficient authorization enforcement during file uploads in the web-based management interface, allowing an unauthenticated, remote attacker to upload arbitrary files by send...

9.8CVSS6.3AI score0.88874EPSS
In wild
CVE
CVE
added 2021/04/08 4:6 a.m.210 views

CVE-2021-1472

Cisco Small Business RV Series Routers are affected by CVE-2021-1472 (and related CVEs) due to multiple OS command injection vulnerabilities in the web-based management interface. The Nuclei template specifies affected models: RV16X/RV26X versions 1.0.01.02 and earlier, and RV34X versions 1.0.03....

9.8CVSS8.3AI score0.72472EPSS
CVE
CVE
added 2022/08/10 8:10 a.m.200 views

CVE-2022-20841

CVE-2022-20841 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The vulnerability arises from insufficient validation in the Open Plug and Play (PnP) module, enabling an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying OS, potentially...

9CVSS9.5AI score0.02877EPSS
CVE
CVE
added 2022/08/10 8:10 a.m.200 views

CVE-2022-20842

Cisco Small Business RV160/RV260/RV340/RV345 Series routers are affected by CVE-2022-20842, a vulnerability in the web-based management interface caused by insufficient input validation. An unauthenticated, remote attacker could exploit crafted HTTP input to execute arbitrary code with root privi...

9.8CVSS9.7AI score0.01607EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.136 views

CVE-2022-20711

CVE-2022-20711 affects Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN VPN Routers. It exploits insufficient input validation in specific web UI components, enabling an unauthenticated remote attacker to overwrite files or exfiltrate data served by the web UI. Root cause is imprope...

10CVSS9.9AI score0.04915EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.135 views

CVE-2022-20710

Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers are affected by CVE-2022-20710 (and related RV-series CVEs) in the web-based management GUI login flow. The advisory specifies a DoS vulnerability where an unauthenticated, remote attacker can craft HTTP packets that cause the log...

10CVSS8.1AI score0.02429EPSS
CVE
CVE
added 2022/05/04 5:6 p.m.133 views

CVE-2022-20799

Cisco Small Business RV340/RV345 Routers expose web-based management vulnerabilities that allow an authenticated attacker to inject and execute arbitrary Linux commands due to insufficient input validation. Exploitation requires valid Administrator credentials. Impact is arbitrary command executi...

9CVSS6.4AI score0.01574EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.131 views

CVE-2022-20707

Cisco CVE-2022-20707 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The connected Exploit module describes a command injection vulnerability (and accompanying authentication bypass) enabling arbitrary command execution, demonstrated on firmware 1.0.03.24 and earlier, with ww...

10CVSS8.9AI score0.75322EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.129 views

CVE-2022-20712

Cisco Small Business RV160/RV260/RV340/RV345 Series routers are affected by multiple CVEs disclosed in early 2022, with several high/critical flaws in the SSL VPN module and web UI. Key issues include CVE-2022-20699 (remote code execution via SSL VPN), CVE-2022-20700/20701/20702 (privilege escala...

10CVSS9.9AI score0.03031EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.128 views

CVE-2022-20749

CVE-2022-20749 is a command-injection vulnerability in the web-based management interface of Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. An unauthenticated attacker could inject and execute arbitrary commands on the underlying Linux OS, potentially achieving root-level code execu...

10CVSS9.9AI score0.04008EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.125 views

CVE-2022-20704

CVE-2022-20704 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The issue is in the software-upgrade module where improper SSL server-certificate validation enables a man-in-the-middle to intercept traffic and force the device to download arbitrary software images via forged c...

10CVSS8.1AI score0.02297EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.125 views

CVE-2022-20706

Cisco Small Business RV160/RV260/RV340/RV345 routers contain multiple CVEs (e.g., CVE-2022-20699 in SSL VPN; CVE-2022-20700/20701/20702 in web UI authorization; CVE-2022-20703 image verification; CVE-2022-20706 Open Plug‑and‑Play command injection; CVE-2022-20712 upload module RCE; etc.), enablin...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2022/05/04 5:5 p.m.122 views

CVE-2022-20753

Cisco Small Business RV340/RV345 devices expose a web-based management interface vulnerable to remote code execution due to insufficient validation of attacker-supplied input. The issue manifests in the handling of JSON RPC requests (e.g., set-snmp) and related parameters, enabling an authenticat...

9CVSS6.3AI score0.02021EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.121 views

CVE-2022-20702

Cisco Small Business RV160/RV260/RV340/RV345 series routers contain multiple vulnerabilities including CVE-2022-20702, caused by insufficient authorization enforcement in the web-based management interface. This could allow a remote attacker to elevate privileges to root and execute arbitrary com...

10CVSS8.9AI score0.04598EPSS
CVE
CVE
added 2022/02/10 5:6 p.m.107 views

CVE-2022-20709

CVE-2022-20709 affects Cisco Small Business RV340/RV340W/RV345/RV345P Dual WAN VPN Routers. It is a Medium-Severity Arbitrary File Upload vulnerability in the web-based management interface caused by insufficient authorization enforcement during file uploads. An unauthenticated, remote attacker c...

10CVSS9.2AI score0.03802EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.101 views

CVE-2021-1414

CVE-2021-1414 affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability is a web-based management interface issue that allows an authenticated remote attacker to execute arbitrary code with the privileges of the web service process on the device. The root caus...

6.5CVSS6.8AI score0.01863EPSS
CVE
CVE
added 2022/05/04 5:6 p.m.93 views

CVE-2022-20801

Cisco Small Business RV340/RV345 Routers have web-based management interface vulnerabilities due to insufficient input validation that could let an authenticated attacker with admin privileges inject and execute arbitrary commands on the device’s Linux OS. Exploitation is network-based; successfu...

9CVSS6.4AI score0.01923EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.91 views

CVE-2021-1415

CVE-2021-1415 involves Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The issue arises in the web-based management interface where HTTP requests are not properly validated, allowing an authenticated attacker to remotely execute arbitrary code with privileges of the web servi...

6.5CVSS6.8AI score0.01612EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.90 views

CVE-2021-1413

CVE-2021-1413 affects Cisco RV340/RV340W/RV345/RV345P Dual WAN Gigabit VPN Routers. Affected component: web-based management interface. Root cause: HTTP requests are not properly validated, enabling an authenticated remote attacker to execute arbitrary code with the web service process privileges...

6.5CVSS6.8AI score0.01612EPSS
CVE
CVE
added 2023/01/19 1:40 a.m.83 views

CVE-2023-20007

Cisco CVE-2023-20007 affects the web-based management interfaces of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The root cause is insufficient validation of user-supplied input to the web UI, exploitable by an authenticated attacker using crafted HTTP input...

7.2CVSS7.3AI score0.00675EPSS
CVE
CVE
added 2020/09/04 2:26 a.m.80 views

CVE-2020-3451

Cisco CVE-2020-3451 affects the Cisco Small Business RV340 Series Routers web-based management interface. Public details (ZDI/Nessus/Cisco advisory) describe a command injection/remote code execution flaw in the upload.cgi handler, caused by improper validation of a user-supplied string used in a...

6.5CVSS5.7AI score0.02175EPSS
CVE
CVE
added 2021/04/08 4:5 a.m.79 views

CVE-2021-1251

CVE-2021-1251 concerns multiple LLDP vulnerabilities in Cisco Small Business RV Series Routers. The related sources (Cisco advisory Cisco-SA-RV-MULTI-LLDP-U7E4CHCE, Nessus CISCO-SA-RV-MULTI-LLDP-U7E4CHCE.NASL, and NCERT/NCSC entries) describe an unauthenticated, adjacent attacker who can execute ...

7.4CVSS8AI score0.00434EPSS
CVE
CVE
added 2021/04/08 4:5 a.m.78 views

CVE-2021-1308

Cisco Small Business RV Series Routers are affected by multiple LLDP implementation vulnerabilities (CVE-2021-1308). An unauthenticated, adjacent attacker can potentially execute arbitrary code or cause the device to leak memory or reload, leading to DoS. Impact is supported by the CVE entry and ...

7.4CVSS8AI score0.00434EPSS
CVE
CVE
added 2021/04/08 4:5 a.m.75 views

CVE-2021-1309

CVE-2021-1309 involves multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation on Cisco Small Business RV Series Routers. The flaws allow an unauthenticated, adjacent attacker to execute arbitrary code or cause memory leakage, with memory loss or router reloads leading...

8.8CVSS8.5AI score0.00515EPSS
CVE
CVE
added 2020/09/04 2:26 a.m.72 views

CVE-2020-3453

Cisco RV340 Series Routers are affected by multiple web-management vulnerabilities leading to remote code execution when authenticated with admin credentials. The ZDI advisory specifies a stack-based buffer overflow in upload.cgi that allows network-adjacent attackers to execute code with the www...

7.7CVSS6.2AI score0.03083EPSS
CVE
CVE
added 2021/05/06 12:51 p.m.58 views

CVE-2021-1520

The CVE-2021-1520 issue affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. A local privilege-escalation vulnerability stems from improper sanitization in the internal messaging service, enabling an authenticated attacker with Administrator credentials to run arbitrary co...

7.2CVSS6.5AI score0.0029EPSS