35 matches found
CVE-2022-20701
CVE-2022-20701 discusses multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. Affected components include the SSL VPN module and the web-based management interface, with issues in image verification. Consequences stated across sources include remote code...
CVE-2022-20699
CVE-2022-20699 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The available connected materials indicate a stack-based buffer overflow in the RV340 SSL VPN functionality, leading to unauthenticated remote code execution with root-level impact on the device. Metasploit also d...
CVE-2022-20703
CVE-2022-20703 applies to Cisco Small Business RV160, RV260, RV340 and RV345 Series Routers. The issue is a trust/verification weakness in the software image loading process that can allow an unauthenticated attacker to install and boot a malicious or unsigned image, enabling possible arbitrary c...
CVE-2022-20700
CVE-2022-20700 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The Cisco advisory (KA9PK6D) documents a set of vulnerabilities in the management interface and SSL VPN/firmware image verification that can enable arbitrary code execution, privilege escalation, arbitrary command...
CVE-2022-20708
CVE-2022-20708 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. Vulnerabilities allow arbitrary code execution, privilege escalation, arbitrary command execution, bypass of authentication/authorization, installation of unsigned software, and DoS, via issues in the web-based ma...
CVE-2025-32433
The CVE-2025-32433 issue affects Erlang/OTP’s SSH server and is caused by a flaw in SSH message handling during authentication, enabling an unauthenticated attacker to execute arbitrary commands with the SSH daemon’s privileges (potentially root). Affected OTP versions include OTP-27.3.2?3, OTP-2...
CVE-2022-20827
CVE-2022-20827 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. It is part of a set of vulnerabilities that allow an unauthenticated, remote attacker to either execute arbitrary code or cause a DoS. The root cause is insufficient input validation in the web filter database upd...
CVE-2022-20705
CVE-2022-20705 affects Cisco Small Business RV160, RV260, RV340, and RV345 series routers. Connected docs confirm a session ID directory traversal authentication bypass (and related CVE-2022-20707) exploited by a Metasploit module to execute arbitrary commands with web server privileges, on firmw...
CVE-2021-1473
Cisco Small Business RV Series Routers (RV16X/RV26X, RV34X, etc.) web management has multiple vulnerabilities (CVE-2021-1473) allowing remote command execution via the web interface, including an authentication bypass and file upload on upload.cgi. Exploitation can enable arbitrary OS commands; s...
CVE-2023-20073
CVE-2023-20073 affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability stems from insufficient authorization enforcement during file uploads in the web-based management interface, allowing an unauthenticated, remote attacker to upload arbitrary files by send...
CVE-2021-1472
Cisco Small Business RV Series Routers are affected by CVE-2021-1472 (and related CVEs) due to multiple OS command injection vulnerabilities in the web-based management interface. The Nuclei template specifies affected models: RV16X/RV26X versions 1.0.01.02 and earlier, and RV34X versions 1.0.03....
CVE-2022-20841
CVE-2022-20841 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The vulnerability arises from insufficient validation in the Open Plug and Play (PnP) module, enabling an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying OS, potentially...
CVE-2022-20842
Cisco Small Business RV160/RV260/RV340/RV345 Series routers are affected by CVE-2022-20842, a vulnerability in the web-based management interface caused by insufficient input validation. An unauthenticated, remote attacker could exploit crafted HTTP input to execute arbitrary code with root privi...
CVE-2022-20711
CVE-2022-20711 affects Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN VPN Routers. It exploits insufficient input validation in specific web UI components, enabling an unauthenticated remote attacker to overwrite files or exfiltrate data served by the web UI. Root cause is imprope...
CVE-2022-20710
Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers are affected by CVE-2022-20710 (and related RV-series CVEs) in the web-based management GUI login flow. The advisory specifies a DoS vulnerability where an unauthenticated, remote attacker can craft HTTP packets that cause the log...
CVE-2022-20799
Cisco Small Business RV340/RV345 Routers expose web-based management vulnerabilities that allow an authenticated attacker to inject and execute arbitrary Linux commands due to insufficient input validation. Exploitation requires valid Administrator credentials. Impact is arbitrary command executi...
CVE-2022-20707
Cisco CVE-2022-20707 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The connected Exploit module describes a command injection vulnerability (and accompanying authentication bypass) enabling arbitrary command execution, demonstrated on firmware 1.0.03.24 and earlier, with ww...
CVE-2022-20712
Cisco Small Business RV160/RV260/RV340/RV345 Series routers are affected by multiple CVEs disclosed in early 2022, with several high/critical flaws in the SSL VPN module and web UI. Key issues include CVE-2022-20699 (remote code execution via SSL VPN), CVE-2022-20700/20701/20702 (privilege escala...
CVE-2022-20749
CVE-2022-20749 is a command-injection vulnerability in the web-based management interface of Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. An unauthenticated attacker could inject and execute arbitrary commands on the underlying Linux OS, potentially achieving root-level code execu...
CVE-2022-20704
CVE-2022-20704 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The issue is in the software-upgrade module where improper SSL server-certificate validation enables a man-in-the-middle to intercept traffic and force the device to download arbitrary software images via forged c...
CVE-2022-20706
Cisco Small Business RV160/RV260/RV340/RV345 routers contain multiple CVEs (e.g., CVE-2022-20699 in SSL VPN; CVE-2022-20700/20701/20702 in web UI authorization; CVE-2022-20703 image verification; CVE-2022-20706 Open Plug‑and‑Play command injection; CVE-2022-20712 upload module RCE; etc.), enablin...
CVE-2022-20753
Cisco Small Business RV340/RV345 devices expose a web-based management interface vulnerable to remote code execution due to insufficient validation of attacker-supplied input. The issue manifests in the handling of JSON RPC requests (e.g., set-snmp) and related parameters, enabling an authenticat...
CVE-2022-20702
Cisco Small Business RV160/RV260/RV340/RV345 series routers contain multiple vulnerabilities including CVE-2022-20702, caused by insufficient authorization enforcement in the web-based management interface. This could allow a remote attacker to elevate privileges to root and execute arbitrary com...
CVE-2022-20709
CVE-2022-20709 affects Cisco Small Business RV340/RV340W/RV345/RV345P Dual WAN VPN Routers. It is a Medium-Severity Arbitrary File Upload vulnerability in the web-based management interface caused by insufficient authorization enforcement during file uploads. An unauthenticated, remote attacker c...
CVE-2021-1414
CVE-2021-1414 affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability is a web-based management interface issue that allows an authenticated remote attacker to execute arbitrary code with the privileges of the web service process on the device. The root caus...
CVE-2022-20801
Cisco Small Business RV340/RV345 Routers have web-based management interface vulnerabilities due to insufficient input validation that could let an authenticated attacker with admin privileges inject and execute arbitrary commands on the device’s Linux OS. Exploitation is network-based; successfu...
CVE-2021-1415
CVE-2021-1415 involves Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The issue arises in the web-based management interface where HTTP requests are not properly validated, allowing an authenticated attacker to remotely execute arbitrary code with privileges of the web servi...
CVE-2021-1413
CVE-2021-1413 affects Cisco RV340/RV340W/RV345/RV345P Dual WAN Gigabit VPN Routers. Affected component: web-based management interface. Root cause: HTTP requests are not properly validated, enabling an authenticated remote attacker to execute arbitrary code with the web service process privileges...
CVE-2023-20007
Cisco CVE-2023-20007 affects the web-based management interfaces of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The root cause is insufficient validation of user-supplied input to the web UI, exploitable by an authenticated attacker using crafted HTTP input...
CVE-2020-3451
Cisco CVE-2020-3451 affects the Cisco Small Business RV340 Series Routers web-based management interface. Public details (ZDI/Nessus/Cisco advisory) describe a command injection/remote code execution flaw in the upload.cgi handler, caused by improper validation of a user-supplied string used in a...
CVE-2021-1251
CVE-2021-1251 concerns multiple LLDP vulnerabilities in Cisco Small Business RV Series Routers. The related sources (Cisco advisory Cisco-SA-RV-MULTI-LLDP-U7E4CHCE, Nessus CISCO-SA-RV-MULTI-LLDP-U7E4CHCE.NASL, and NCERT/NCSC entries) describe an unauthenticated, adjacent attacker who can execute ...
CVE-2021-1308
Cisco Small Business RV Series Routers are affected by multiple LLDP implementation vulnerabilities (CVE-2021-1308). An unauthenticated, adjacent attacker can potentially execute arbitrary code or cause the device to leak memory or reload, leading to DoS. Impact is supported by the CVE entry and ...
CVE-2021-1309
CVE-2021-1309 involves multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation on Cisco Small Business RV Series Routers. The flaws allow an unauthenticated, adjacent attacker to execute arbitrary code or cause memory leakage, with memory loss or router reloads leading...
CVE-2020-3453
Cisco RV340 Series Routers are affected by multiple web-management vulnerabilities leading to remote code execution when authenticated with admin credentials. The ZDI advisory specifies a stack-based buffer overflow in upload.cgi that allows network-adjacent attackers to execute code with the www...
CVE-2021-1520
The CVE-2021-1520 issue affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. A local privilege-escalation vulnerability stems from improper sanitization in the internal messaging service, enabling an authenticated attacker with Administrator credentials to run arbitrary co...