HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-3275

CVSS 7.2v3.1pub. 2020-06-18upd. 2024-11-21

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Cisco Rv016

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv016 Firmware

    OS
    Cisco
    ≤ 4.2.3.10
  • Cisco Rv042

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv042 Firmware

    OS
    Cisco
    ≤ 4.2.3.10
  • Cisco Rv042g

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv042g Firmware

    OS
    Cisco
    ≤ 4.2.3.10
  • Cisco Rv082

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv082 Firmware

    OS
    Cisco
    ≤ 4.2.3.10
  • Cisco Rv320

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv320 Firmware

    OS
    Cisco
    ≤ 1.5.1.05
  • Cisco Rv325

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv325 Firmware

    OS
    Cisco
    ≤ 1.5.1.05
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-20025CRITICAL9.0ten sam produkt

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 ...

CVE-2017-3882CRITICAL9.6ten sam produkt

A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Route...

CVE-2019-1652HIGH7.2⚠ KEVten sam produkt

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN...

CVE-2019-1653HIGH7.5⚠ KEVten sam produkt

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN...

CVE-2023-20117HIGH7.2ten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gi...