CVE-2020-3451

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV340 Series versions prior to 1.0.03.19 Cisco Small Business RV340 Series version 1.0.03.18 and earlier

Description: The vulnerability is related to a buffer overflow in the memory of the web-based management interface of Cisco Small Business RV340 Series Routers. This issue can be exploited by a remote attacker to execute arbitrary commands on the underlying operating system as a restricted user.

Recommendations: For versions prior to 1.0.03.19, update to version 1.0.03.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the upload.cgi API endpoint until a patch is available. Restrict access to the web-based management interface to minimize the risk of exploitation.