CVE-2020-3144

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV110W versions not specified Cisco Small Business RV130 versions not specified Cisco Small Business RV130W versions not specified Cisco Small Business RV215W versions not specified

Description The issue is related to inadequate access control in the web-based management interface of the affected devices. It may allow a remote attacker to execute arbitrary commands with administrative privileges. The vulnerability is due to improper session management. An attacker could exploit this by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to gain administrative access.

Recommendations For Cisco Small Business RV110W, update the firmware to a version that addresses the improper session management issue. For Cisco Small Business RV130, update the firmware to a version that addresses the improper session management issue. For Cisco Small Business RV130W, update the firmware to a version that addresses the improper session management issue. For Cisco Small Business RV215W, update the firmware to a version that addresses the improper session management issue. As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.