CVE-2020-3278

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV320 and RV325 Series Routers versions (affected versions not specified) Cisco Small Business RV016, RV042, and RV082 Routers versions (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the web-based management interface of the affected routers. These vulnerabilities exist due to the interface's failure to properly validate user-supplied input to scripts. An authenticated, remote attacker with administrative privileges could exploit these vulnerabilities by sending malicious requests to an affected device, potentially allowing the execution of arbitrary commands with root privileges on the underlying operating system.

Recommendations For Cisco Small Business RV320 and RV325 Series Routers, update to a version that includes the fix for the vulnerability. For Cisco Small Business RV016, RV042, and RV082 Routers, update to a version that includes the fix for the vulnerability. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the web-based management interface for administrative tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.