A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCisco Rv016 Multi Wan Vpn
HWCiscowszystkie wersjeCisco Rv016 Multi Wan Vpn Firmware
OSCisco< 4.2.3.10Cisco Rv042 Dual Wan Vpn
HWCiscowszystkie wersjeCisco Rv042 Dual Wan Vpn Firmware
OSCisco< 4.2.3.10Cisco Rv042g Dual Gigabit Wan Vpn
HWCiscowszystkie wersjeCisco Rv042g Dual Gigabit Wan Vpn Firmware
OSCisco< 4.2.3.10Cisco Rv082 Dual Wan Vpn
HWCiscowszystkie wersjeCisco Rv082 Dual Wan Vpn Firmware
OSCisco< 4.2.3.10
CISA KEV — szczegółyi
- Dostawcai
- Cisco ↗
- Produkti
- RV Series Routers
- Data dodania do KEVi
- 8 czerwca 2022
- Termin remediation (USA)i
- 22 czerwca 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami dostawcy.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Luka polegająca na deserializacji niezaufanych danych w interfejsie zarządzania opartym na sieci web niektórych routerów Cisco Small Business RV Series mogłaby umożliwić atakującemu wykonanie kodu z uprawnieniami root.
▸ Pokaż oryginał (EN)
A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges.
Powiązane podatności
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could ...
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could ...
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does n...
Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym
RCE przez insecure deserialization w Cisco Secure Firewall Management Center