A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCisco Rv016 Multi Wan Vpn
HWCiscowszystkie wersjeCisco Rv016 Multi Wan Vpn Firmware
OSCisco< 4.2.3.10Cisco Rv042 Dual Wan Vpn
HWCiscowszystkie wersjeCisco Rv042 Dual Wan Vpn Firmware
OSCisco< 4.2.3.10Cisco Rv042g Dual Gigabit Wan Vpn
HWCiscowszystkie wersjeCisco Rv042g Dual Gigabit Wan Vpn Firmware
OSCisco< 4.2.3.10Cisco Rv082 Dual Wan Vpn
HWCiscowszystkie wersjeCisco Rv082 Dual Wan Vpn Firmware
OSCisco< 4.2.3.10
CISA KEV — detailsi
- Vendori
- Cisco ↗
- Producti
- RV Series Routers
- Added to KEVi
- June 8, 2022
- Remediation deadline (US Federal)i
- June 22, 2022(overdue)
Apply updates per vendor instructions.
A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges.
Related vulnerabilities
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could ...
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could ...
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does n...
Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym
RCE przez insecure deserialization w Cisco Secure Firewall Management Center