Cisco · RV340 · CVE-2021-1472
Name of the Vulnerable Software and Affected Versions:
Cisco Small Business RV Series Routers versions prior to 1.0.01.03
RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P (affected versions not specified)
Description:
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands, or bypass authentication and upload files, on an affected device. The vulnerability is related to session management errors on affected devices, which could allow a remote attacker to bypass authentication and upload arbitrary files.
Recommendations:
For versions prior to 1.0.01.03, update the firmware to version 1.0.01.03 or later to resolve the issue.
As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.
Avoid using the vulnerable web-based management interface until the issue is resolved.
At the moment, there is no information about additional mitigation measures for other affected versions.