CVE-2022-20707

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV340 versions le1.0.03.24 and earlier Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified)

Description The vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands using a specially crafted request. The issue could also allow an attacker to execute arbitrary code, elevate privileges, bypass authentication and authorization protections, fetch and run unsigned software, or cause denial of service (DoS).

Recommendations For Cisco Small Business RV340 version le1.0.03.24 and earlier, update to a version later than le1.0.03.24 to resolve the issue. For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.