Hou Liuyang

**Name of the Vulnerable Software and Affected Versions** VioStor versions prior to 5.1.6 build 20250621 **Description** An improper authentication issue has been reported in VioStor, potentially allowing a remote attacker to compromise system security. **Recommendations** Update to VioStor version 5.1.6 build 20250621 or later.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV042 Series Routers (affected versions not specified) Cisco Small Business RV016, RV042, RV042G, and RV082 (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This issue is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this by sending crafted requests to the web-based management interface, potentially gaining root privileges on the affected device. The vulnerability is also related to errors in privilege management. **Recommendations** For Cisco Small Business RV042 Series Routers, update the firmware to a version that addresses the authentication bypass issue. For Cisco Small Business RV016, RV042, RV042G, and RV082, restrict access to the web-based management interface until a patch is available. As a temporary workaround, consider disabling remote management access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business Routers RV042 Series (affected versions not specified) Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 (affected versions not specified) **Description** A vulnerability in the web-based management interface of Cisco Small Business Routers could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This issue is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface, potentially allowing the execution of arbitrary commands on an affected device with root-level privileges. To exploit this issue, an attacker would need to have valid Administrator credentials on the affected device. **Recommendations** For Cisco Small Business Routers RV042 Series: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325: At the moment, there is no information about a newer version that contains a fix for this vulnerability.