Lucene search
K

15 matches found

CVE
CVE
added 2022/08/10 8:12 a.m.270 views

CVE-2022-20827

CVE-2022-20827 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. It is part of a set of vulnerabilities that allow an unauthenticated, remote attacker to either execute arbitrary code or cause a DoS. The root cause is insufficient input validation in the web filter database upd...

10CVSS9.7AI score0.01664EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.247 views

CVE-2021-1473

Cisco Small Business RV Series Routers (RV16X/RV26X, RV34X, etc.) web management has multiple vulnerabilities (CVE-2021-1473) allowing remote command execution via the web interface, including an authentication bypass and file upload on upload.cgi. Exploitation can enable arbitrary OS commands; s...

9.8CVSS8.3AI score0.64161EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.210 views

CVE-2021-1472

Cisco Small Business RV Series Routers are affected by CVE-2021-1472 (and related CVEs) due to multiple OS command injection vulnerabilities in the web-based management interface. The Nuclei template specifies affected models: RV16X/RV26X versions 1.0.01.02 and earlier, and RV34X versions 1.0.03....

9.8CVSS8.3AI score0.72472EPSS
CVE
CVE
added 2022/08/10 8:10 a.m.202 views

CVE-2022-20841

CVE-2022-20841 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The vulnerability arises from insufficient validation in the Open Plug and Play (PnP) module, enabling an unauthenticated, remote attacker to inject and execute arbitrary commands on the underlying OS, potentially...

9CVSS9.5AI score0.02877EPSS
CVE
CVE
added 2022/08/10 8:10 a.m.201 views

CVE-2022-20842

Cisco Small Business RV160/RV260/RV340/RV345 Series routers are affected by CVE-2022-20842, a vulnerability in the web-based management interface caused by insufficient input validation. An unauthenticated, remote attacker could exploit crafted HTTP input to execute arbitrary code with root privi...

9.8CVSS9.7AI score0.01607EPSS
CVE
CVE
added 2022/05/04 5:6 p.m.133 views

CVE-2022-20799

Cisco Small Business RV340/RV345 Routers expose web-based management vulnerabilities that allow an authenticated attacker to inject and execute arbitrary Linux commands due to insufficient input validation. Exploitation requires valid Administrator credentials. Impact is arbitrary command executi...

9CVSS6.4AI score0.01574EPSS
CVE
CVE
added 2022/05/04 5:5 p.m.123 views

CVE-2022-20753

Cisco Small Business RV340/RV345 devices expose a web-based management interface vulnerable to remote code execution due to insufficient validation of attacker-supplied input. The issue manifests in the handling of JSON RPC requests (e.g., set-snmp) and related parameters, enabling an authenticat...

9CVSS6.3AI score0.02021EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.101 views

CVE-2021-1414

CVE-2021-1414 affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The vulnerability is a web-based management interface issue that allows an authenticated remote attacker to execute arbitrary code with the privileges of the web service process on the device. The root caus...

6.5CVSS6.8AI score0.01863EPSS
CVE
CVE
added 2022/05/04 5:6 p.m.95 views

CVE-2022-20801

Cisco Small Business RV340/RV345 Routers have web-based management interface vulnerabilities due to insufficient input validation that could let an authenticated attacker with admin privileges inject and execute arbitrary commands on the device’s Linux OS. Exploitation is network-based; successfu...

9CVSS6.4AI score0.01923EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.93 views

CVE-2021-1415

CVE-2021-1415 involves Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The issue arises in the web-based management interface where HTTP requests are not properly validated, allowing an authenticated attacker to remotely execute arbitrary code with privileges of the web servi...

6.5CVSS6.8AI score0.01612EPSS
CVE
CVE
added 2021/04/08 4:6 a.m.91 views

CVE-2021-1413

CVE-2021-1413 affects Cisco RV340/RV340W/RV345/RV345P Dual WAN Gigabit VPN Routers. Affected component: web-based management interface. Root cause: HTTP requests are not properly validated, enabling an authenticated remote attacker to execute arbitrary code with the web service process privileges...

6.5CVSS6.8AI score0.01612EPSS
CVE
CVE
added 2023/01/19 1:40 a.m.83 views

CVE-2023-20007

Cisco CVE-2023-20007 affects the web-based management interfaces of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The root cause is insufficient validation of user-supplied input to the web UI, exploitable by an authenticated attacker using crafted HTTP input...

7.2CVSS7.3AI score0.00675EPSS
CVE
CVE
added 2020/09/04 2:26 a.m.80 views

CVE-2020-3451

Cisco CVE-2020-3451 affects the Cisco Small Business RV340 Series Routers web-based management interface. Public details (ZDI/Nessus/Cisco advisory) describe a command injection/remote code execution flaw in the upload.cgi handler, caused by improper validation of a user-supplied string used in a...

6.5CVSS5.7AI score0.02175EPSS
CVE
CVE
added 2020/09/04 2:26 a.m.72 views

CVE-2020-3453

Cisco RV340 Series Routers are affected by multiple web-management vulnerabilities leading to remote code execution when authenticated with admin credentials. The ZDI advisory specifies a stack-based buffer overflow in upload.cgi that allows network-adjacent attackers to execute code with the www...

7.7CVSS6.2AI score0.03083EPSS
CVE
CVE
added 2021/05/06 12:51 p.m.58 views

CVE-2021-1520

The CVE-2021-1520 issue affects Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. A local privilege-escalation vulnerability stems from improper sanitization in the internal messaging service, enabling an authenticated attacker with Administrator credentials to run arbitrary co...

7.2CVSS6.5AI score0.0029EPSS