CVE-2022-20711

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV340, RV340W, RV345, RV345P versions (affected versions not specified) Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified)

Description The issue exists due to insufficient input validation in the web interface of the Cisco Small Business routers' firmware. An attacker, acting remotely, can exploit this to disclose protected information or overwrite arbitrary files using a specially crafted HTTP request. The vulnerability could allow an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause denial of service (DoS).

Recommendations For Cisco Small Business RV340, RV340W, RV345, RV345P: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers: At the moment, there is no information about a newer version that contains a fix for this vulnerability.