CVE-2020-3332

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The issue is due to insufficient input validation of user-supplied data. An attacker could exploit this by sending a crafted request to the web-based management interface, potentially allowing the execution of arbitrary shell commands or scripts with root privileges.

Recommendations For Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, consider disabling remote access to the management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.