CVE-2022-20699
Cisco Small Business RV Series Routers Vulnerabilities
In short
Cisco Small Business routers (RV160, RV260, RV340, RV345) have critical flaws that let attackers take complete control by running malicious code, bypassing security checks, or crashing the device. These are serious vulnerabilities affecting network equipment used by many businesses.
Technical detail
Multiple stack-based buffer overflows and authentication bypass vulnerabilities in Cisco RV Series routers allow unauthenticated or low-privilege attackers to execute arbitrary code with root privileges, load unsigned firmware, and disable services. Attack vectors include web interface requests and command injection; affected models lack proper input validation and code signing verification.
Summary generated and translated by AI from the official description.
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Cisco · Cisco Small Business RV Series Router Firmwarepublic PoCs found — 3
githubgithub.com/Audiobahn/CVE-2022-20699★ 237githubgithub.com/puckiestyle/CVE-2022-20699★ 0cve_referencepacketstormsecurity.com/files/167113/Cisco-RV340-SSL-VPN-Unauthenticated-Remote-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/167113/Cisco-RV340-SSL-VPN-Unauthenticated-Remote-Code-Execution.htmlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6Dhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20699https://www.zerodayinitiative.com/advisories/ZDI-22-414/