CVE-2023-20007

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This issue is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this by sending crafted HTTP input to an affected device, potentially allowing the execution of arbitrary code as the root user on the underlying operating system or causing the web-based management process to restart.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.