15 matches found
CVE-2022-20827
CVE-2022-20827 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. It is part of a set of vulnerabilities that allow an unauthenticated, remote attacker to either execute arbitrary code or cause a DoS. The root cause is insufficient input validation in the web filter database upd...
CVE-2021-1473
Cisco Small Business RV Series Routers (RV16X/RV26X, RV34X, etc.) web management has multiple vulnerabilities (CVE-2021-1473) allowing remote command execution via the web interface, including an authentication bypass and file upload on upload.cgi. Exploitation can enable arbitrary OS commands; s...
CVE-2021-1472
Cisco Small Business RV Series Routers are affected by CVE-2021-1472 (and related CVEs) due to multiple OS command injection vulnerabilities in the web-based management interface. The Nuclei template specifies affected models: RV16X/RV26X versions 1.0.01.02 and earlier, and RV34X versions 1.0.03....
CVE-2022-20841
CVE-2022-20841 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The vulnerability arises from insufficient validation in the Open Plug and Play (PnP) module, enabling an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying OS, potentially...
CVE-2022-20842
Cisco Small Business RV160/RV260/RV340/RV345 Series routers are affected by CVE-2022-20842, a vulnerability in the web-based management interface caused by insufficient input validation. An unauthenticated, remote attacker could exploit crafted HTTP input to execute arbitrary code with root privi...
CVE-2022-20799
Cisco Small Business RV340/RV345 Routers expose web-based management vulnerabilities that allow an authenticated attacker to inject and execute arbitrary Linux commands due to insufficient input validation. Exploitation requires valid Administrator credentials. Impact is arbitrary command executi...
CVE-2022-20753
Cisco Small Business RV340/RV345 devices expose a web-based management interface vulnerable to remote code execution due to insufficient validation of attacker-supplied input. The issue manifests in the handling of JSON RPC requests (e.g., set-snmp) and related parameters, enabling an authenticat...
CVE-2021-1414
CVE-2021-1414 affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability is a web-based management interface issue that allows an authenticated remote attacker to execute arbitrary code with the privileges of the web service process on the device. The root caus...
CVE-2022-20801
Cisco Small Business RV340/RV345 Routers have web-based management interface vulnerabilities due to insufficient input validation that could let an authenticated attacker with admin privileges inject and execute arbitrary commands on the device’s Linux OS. Exploitation is network-based; successfu...
CVE-2021-1415
CVE-2021-1415 involves Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The issue arises in the web-based management interface where HTTP requests are not properly validated, allowing an authenticated attacker to remotely execute arbitrary code with privileges of the web servi...
CVE-2021-1413
CVE-2021-1413 affects Cisco RV340/RV340W/RV345/RV345P Dual WAN Gigabit VPN Routers. Affected component: web-based management interface. Root cause: HTTP requests are not properly validated, enabling an authenticated remote attacker to execute arbitrary code with the web service process privileges...
CVE-2023-20007
Cisco CVE-2023-20007 affects the web-based management interfaces of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The root cause is insufficient validation of user-supplied input to the web UI, exploitable by an authenticated attacker using crafted HTTP input...
CVE-2020-3451
Cisco CVE-2020-3451 affects the Cisco Small Business RV340 Series Routers web-based management interface. Public details (ZDI/Nessus/Cisco advisory) describe a command injection/remote code execution flaw in the upload.cgi handler, caused by improper validation of a user-supplied string used in a...
CVE-2020-3453
Cisco RV340 Series Routers are affected by multiple web-management vulnerabilities leading to remote code execution when authenticated with admin credentials. The ZDI advisory specifies a stack-based buffer overflow in upload.cgi that allows network-adjacent attackers to execute code with the www...
CVE-2021-1520
The CVE-2021-1520 issue affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. A local privilege-escalation vulnerability stems from improper sanitization in the internal messaging service, enabling an authenticated attacker with Administrator credentials to run arbitrary co...