ByteOS Network

Type	CWE ID	Description
CWE	CWE-120	CWE-120

Version	Base score	Base severity	Vector
3.1	4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Hyperlink	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK	vendor-advisory x_refsource_CISCO

Hyperlink	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK	vendor-advisory x_refsource_CISCO x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov
CWE-120	Secondary	ykramarz@cisco.com

Hyperlink	Source	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK	ykramarz@cisco.com	Vendor Advisory

CVE-2023-20007

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.24% / 46.72%

||

7 Day CHG~0.00%

Published-19 Jan, 2023 | 01:40

Updated-02 Aug, 2024 | 08:57

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the web-based management process to restart, resulting in a DoS condition.

Vendor-Cisco Systems, Inc.

Product-rv340_firmware rv340w rv345p rv345 rv345_firmware rv345p_firmware rv340 rv340w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20894

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:52

Updated-01 Nov, 2024 | 18:58

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20879

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG-0.10%

Published-21 Jul, 2022 | 03:54

Updated-01 Nov, 2024 | 18:57

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20903

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG-0.20%

Published-21 Jul, 2022 | 03:50

Updated-06 Nov, 2024 | 16:10

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20912

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG-0.20%

Published-21 Jul, 2022 | 04:06

Updated-01 Nov, 2024 | 18:55

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20910

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.49% / 64.48%

||

7 Day CHG-0.11%

Published-21 Jul, 2022 | 04:00

Updated-01 Nov, 2024 | 18:56

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20904

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.58% / 67.89%

||

7 Day CHG+0.15%

Published-21 Jul, 2022 | 03:50

Updated-06 Nov, 2024 | 16:10

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20873

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG-0.10%

Published-21 Jul, 2022 | 03:45

Updated-01 Nov, 2024 | 19:00

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20878

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG-0.10%

Published-21 Jul, 2022 | 03:54

Updated-01 Nov, 2024 | 18:57

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20898

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:51

Updated-06 Nov, 2024 | 16:09

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20883

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG+0.22%

Published-21 Jul, 2022 | 03:53

Updated-06 Nov, 2024 | 16:08

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20890

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:52

Updated-01 Nov, 2024 | 18:58

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20880

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG-0.10%

Published-21 Jul, 2022 | 03:54

Updated-01 Nov, 2024 | 18:57

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20885

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG+0.17%

Published-21 Jul, 2022 | 03:53

Updated-06 Nov, 2024 | 16:08

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20893

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:52

Updated-01 Nov, 2024 | 18:58

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20888

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG+0.22%

Published-21 Jul, 2022 | 03:53

Updated-01 Nov, 2024 | 18:57

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20891

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.08%

Published-21 Jul, 2022 | 03:52

Updated-01 Nov, 2024 | 18:58

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20876

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG-0.10%

Published-21 Jul, 2022 | 03:45

Updated-06 Nov, 2024 | 16:10

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20887

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG+0.22%

Published-21 Jul, 2022 | 03:53

Updated-01 Nov, 2024 | 18:57

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20899

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:51

Updated-06 Nov, 2024 | 16:09

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20877

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.58% / 68.01%

||

7 Day CHG+0.28%

Published-21 Jul, 2022 | 03:45

Updated-06 Nov, 2024 | 16:10

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20892

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:52

Updated-01 Nov, 2024 | 18:58

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20886

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG+0.22%

Published-21 Jul, 2022 | 03:53

Updated-06 Nov, 2024 | 16:08

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20901

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG-0.20%

Published-21 Jul, 2022 | 03:51

Updated-06 Nov, 2024 | 16:09

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20911

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.39% / 59.48%

||

7 Day CHG-0.20%

Published-21 Jul, 2022 | 04:00

Updated-01 Nov, 2024 | 18:56

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20902

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG-0.20%

Published-21 Jul, 2022 | 03:51

Updated-06 Nov, 2024 | 16:09

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20884

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG+0.17%

Published-21 Jul, 2022 | 03:53

Updated-06 Nov, 2024 | 16:08

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20882

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG+0.17%

Published-21 Jul, 2022 | 03:54

Updated-06 Nov, 2024 | 16:08

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20889

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG-0.20%

Published-21 Jul, 2022 | 03:52

Updated-01 Nov, 2024 | 18:58

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20895

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:52

Updated-01 Nov, 2024 | 18:58

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20881

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG-0.10%

Published-21 Jul, 2022 | 03:54

Updated-06 Nov, 2024 | 16:07

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20874

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG-0.10%

Published-21 Jul, 2022 | 03:45

Updated-01 Nov, 2024 | 19:00

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20875

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.48% / 63.92%

||

7 Day CHG-0.10%

Published-21 Jul, 2022 | 03:45

Updated-01 Nov, 2024 | 19:00

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware application_extension_platform rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20896

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:51

Updated-01 Nov, 2024 | 18:59

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-20897

Matching Score-10

Assigner-Cisco Systems, Inc.

View Details

Matching Score-10

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.38% / 58.83%

||

7 Day CHG+0.12%

Published-21 Jul, 2022 | 03:51

Updated-06 Nov, 2024 | 16:08

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-20254

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.2||HIGH

EPSS-0.32% / 54.60%

||

7 Day CHG+0.05%

Published-27 Sep, 2023 | 17:11

Updated-23 Oct, 2024 | 19:39

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.

Vendor-Cisco Systems, Inc.

Product-sd-wan_manager Cisco SD-WAN vManage catalyst_sd-wan_manager

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

CVE-2023-20250

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.24% / 47.56%

||

7 Day CHG~0.00%

Published-06 Sep, 2023 | 16:59

Updated-24 Oct, 2024 | 16:49

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.

Vendor-Cisco Systems, Inc.

Product-rv130w_firmware rv130_firmware rv110w rv110w_firmware rv130w rv215w rv130 rv215w_firmware Cisco Small Business RV Series Router Firmware small_business_rv_series_router_firmware

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2023-20273

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.2||HIGH

EPSS-91.48% / 99.66%

||

7 Day CHG-0.36%

Published-24 Oct, 2023 | 14:13

Updated-30 Jul, 2025 | 01:37

Known KEV||Action Due Date - 2023-10-27||Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Vendor-Cisco Systems, Inc.

Product-catalyst_3650-12x48ur-e catalyst_3850-32xs-s catalyst_3650-48pd-s catalyst_3650-8x24uq-e catalyst_3650-48pq-e catalyst_3650-8x24pd-e catalyst_3650-48fd-s catalyst_3650-8x24pd-l catalyst_3650-24td-s catalyst_3650-48tq-e catalyst_3650-48fq-e catalyst_3850-48xs catalyst_3850-24u-e catalyst_3650-12x48uq catalyst_3650-12x48uz-e catalyst_3850-48p-l catalyst_3850-48xs-f-e catalyst_3850-24t-s catalyst_3650-24pdm catalyst_3650-48fd-e catalyst_3850-12xs-s catalyst_3650-48ts-e catalyst_3650-12x48fd-e catalyst_3650-48ps-e catalyst_3850-48xs-e catalyst_3850-16xs-e catalyst_3650-24td-e catalyst_3650-12x48uq-s catalyst_3650-8x24uq catalyst_3650-48ps-l catalyst_3650-8x24uq-s catalyst_3650-48fs-s catalyst_3650-8x24pd-s catalyst_3650-12x48fd-s catalyst_3850-24u-l catalyst_3850-24u catalyst_3650-24ps-l catalyst_3650-48fqm-e catalyst_3650-48fd-l catalyst_3850-24xu-e catalyst_3650-24pd-l catalyst_3650-48td-l catalyst_3850-48xs-f-s catalyst_3650-24pdm-e catalyst_3650-48fq-s catalyst_3650-48ts-l catalyst_3650 catalyst_3650-48ps-s catalyst_3650-12x48uq-l catalyst_3650-48fq catalyst_3850-24p-l catalyst_3650-48ts-s catalyst_3850-24xs catalyst_3650-24pd catalyst_3850-24xs-s catalyst_3850-48f-s catalyst_3650-24pd-e catalyst_3850-24p-s catalyst_3650-24pdm-l catalyst_3850-12s-e catalyst_3850-24s-e catalyst_3650-12x48ur catalyst_3650-48fq-l catalyst_3850-12s-s catalyst_3850-48t-s catalyst_3850-48t-l catalyst_3650-48fqm-s catalyst_3650-24ts-s catalyst_3850-48u-e catalyst_3850-48u-s catalyst_3850-24pw-s catalyst_3850-24xs-e catalyst_3650-8x24uq-l catalyst_3850-32xs-e catalyst_3650-48fs-e catalyst_3650-48tq-s catalyst_3850-24s-s catalyst_3650-48pd-e catalyst_3850-24t-e catalyst_3650-12x48fd-l catalyst_3850-16xs-s catalyst_3650-48pq-s catalyst_3650-24ps-e catalyst_3650-24ts-e catalyst_3850-12x48u catalyst_3850-24u-s catalyst_3650-24ts-l catalyst_3650-24pdm-s catalyst_3850-48p-e catalyst_3650-24pd-s catalyst_3850-48u catalyst_3650-48td-s catalyst_3650-12x48uq-e catalyst_3850-nm-2-40g catalyst_3850-48xs-s catalyst_3650-12x48ur-s catalyst_3650-48pq-l catalyst_3850-48pw-s catalyst_3850-24xu-s catalyst_3650-12x48uz catalyst_3850-48f-l catalyst_3650-48fs-l catalyst_3850-nm-8-10g catalyst_3650-48pd-l catalyst_3850-12xs-e catalyst_3850-24xu-l catalyst_3650-24td-l catalyst_3850 catalyst_3650-12x48uz-l catalyst_3650-48fqm catalyst_3650-48tq-l catalyst_3650-24ps-s catalyst_3850-48t-e catalyst_3650-12x48uz-s catalyst_3850-24p-e catalyst_3850-48f-e catalyst_3850-48p-s catalyst_3850-24t-l catalyst_3650-48td-e catalyst_3850-48u-l catalyst_3850-24xu catalyst_3650-12x48ur-l catalyst_3650-48fqm-l ios_xe Cisco IOS XE Software Cisco IOS XE Web UI

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-20266

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.04% / 10.94%

||

7 Day CHG~0.00%

Published-30 Aug, 2023 | 16:18

Updated-01 Jul, 2025 | 13:45

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.

Vendor-Cisco Systems, Inc.

Product-unified_communications_manager unity_connection emergency_responder Cisco Emergency Responder Cisco Unified Communications Manager Cisco Unity Connection

CWE ID-CWE-347

Improper Verification of Cryptographic Signature

CWE ID-CWE-269

Improper Privilege Management

CVE-2011-2538

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.2||HIGH

EPSS-2.96% / 85.93%

||

7 Day CHG~0.00%

Published-28 Oct, 2019 | 20:19

Updated-20 Nov, 2024 | 17:04

Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.

Vendor-Cisco Systems, Inc.

Product-telepresence_video_communication_server Cisco Video Communications Server (VCS)

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2023-20219

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.2||HIGH

EPSS-0.45% / 62.61%

||

7 Day CHG~0.00%

Published-01 Nov, 2023 | 17:08

Updated-26 Nov, 2024 | 16:09

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device.

Vendor-Cisco Systems, Inc.

Product-secure_firewall_management_center Cisco Firepower Management Center firepower_management_center

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-20076

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.2||HIGH

EPSS-0.44% / 62.25%

||

7 Day CHG~0.00%

Published-12 Feb, 2023 | 00:00

Updated-28 Oct, 2024 | 16:34

Cisco IOx Application Hosting Environment Command Injection Vulnerability

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

Vendor-Cisco Systems, Inc.

Product-ios_xe 809_industrial_integrated_services_router ir510_wpan_firmware 829_industrial_integrated_services_router_firmware ic3000_industrial_compute_gateway cgr1240 807_industrial_integrated_services_router_firmware 807_industrial_integrated_services_router cgr1000_firmware 829_industrial_integrated_services_router ir510_wpan 809_industrial_integrated_services_router_firmware cgr1240_firmware cgr1000 iox Cisco IOS

CWE ID-CWE-233

Improper Handling of Parameters

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-20045

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-4.9||MEDIUM

EPSS-0.04% / 11.99%

||

7 Day CHG~0.00%

Published-19 Jan, 2023 | 01:39

Updated-02 Aug, 2024 | 08:57

A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device.

Vendor-Cisco Systems, Inc.

Product-rv160_vpn_router rv160w_wireless-ac_vpn_router rv160_vpn_router_firmware rv260p_vpn_router_with_poe rv160w_wireless-ac_vpn_router_firmware rv260_vpn_router rv260_vpn_router_firmware rv260p_vpn_router_with_poe_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-20

Improper Input Validation

CVE-2023-20209

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.5||MEDIUM

EPSS-30.12% / 96.50%

||

7 Day CHG-1.11%

Published-16 Aug, 2023 | 20:59

Updated-23 Oct, 2024 | 19:42

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.

Vendor-Cisco Systems, Inc.

Product-telepresence_video_communication_server Cisco TelePresence Video Communication Server (VCS) Expressway

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-20026

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.40% / 59.57%

||

7 Day CHG~0.00%

Published-19 Jan, 2023 | 01:33

Updated-12 Mar, 2025 | 17:15

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.

Vendor-Cisco Systems, Inc.

Product-rv042_firmware rv042g rv042 rv016 rv082 rv042g_firmware rv016_firmware rv082_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-20117

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-7.2||HIGH

EPSS-9.71% / 92.62%

||

7 Day CHG~0.00%

Published-05 Apr, 2023 | 00:00

Updated-28 Oct, 2024 | 16:30

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.

Vendor-Cisco Systems, Inc.

Product-rv325 rv325_firmware rv320 rv320_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-146

Improper Neutralization of Expression/Command Delimiters

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-20124

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 14.87%

||

7 Day CHG~0.00%

Published-05 Apr, 2023 | 00:00

Updated-28 Oct, 2024 | 16:30

Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability.

Vendor-Cisco Systems, Inc.

Product-rv325 rv320 rv042 rv016_firmware rv042g rv082 rv320_firmware rv042_firmware rv325_firmware rv082_firmware rv016 rv042g_firmware Cisco Small Business RV Series Router Firmware

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-20196

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-4.7||MEDIUM

EPSS-0.42% / 61.26%

||

7 Day CHG~0.00%

Published-01 Nov, 2023 | 17:01

Updated-02 Aug, 2024 | 09:05

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.

Vendor-Cisco Systems, Inc.

Product-identity_services_engine Cisco Identity Services Engine Software

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2023-20103

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-4.9||MEDIUM

EPSS-0.13% / 33.21%

||

7 Day CHG~0.00%

Published-05 Apr, 2023 | 00:00

Updated-25 Oct, 2024 | 16:01

Cisco Secure Network Analytics Remote Code Execution Vulnerability

A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.

Vendor-Cisco Systems, Inc.

Product-secure_network_analytics Cisco Secure Network Analytics

CWE ID-CWE-20

Improper Input Validation

CVE-2023-20164

Matching Score-8

Assigner-Cisco Systems, Inc.

View Details

Matching Score-8

Assigner-Cisco Systems, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.35% / 56.65%

||

7 Day CHG~0.00%

Published-18 May, 2023 | 00:00

Updated-28 Oct, 2024 | 16:29

Cisco Identity Services Engine Command Injection Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Vendor-Cisco Systems, Inc.

Product-identity_services_engine Cisco Identity Services Engine Software

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-20900

Credits

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs