CVE-2020-3323

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV110W versions (affected versions not specified) Cisco Small Business RV130 versions (affected versions not specified) Cisco Small Business RV130W versions (affected versions not specified) Cisco Small Business RV215W versions (affected versions not specified)

Description The issue is due to insufficient validation of user input in the web-based management interface, allowing a remote attacker to execute arbitrary code on the device. An attacker could exploit this by sending crafted HTTP requests to the targeted device, potentially allowing them to execute arbitrary code as the root user on the underlying operating system.

Recommendations For Cisco Small Business RV110W, update to a version that fixes the improper validation of user-supplied input in the web-based management interface. For Cisco Small Business RV130, update to a version that fixes the improper validation of user-supplied input in the web-based management interface. For Cisco Small Business RV130W, update to a version that fixes the improper validation of user-supplied input in the web-based management interface. For Cisco Small Business RV215W, update to a version that fixes the improper validation of user-supplied input in the web-based management interface. As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.