CVE-2022-20709

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV340, RV340W, RV345, RV345P versions (affected versions not specified) Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers versions (affected versions not specified)

Description The issue is related to the lack of restrictions on file uploads in the web interface of Cisco Small Business routers. This could allow a remote attacker to cause a denial of service by uploading arbitrary files. Additionally, multiple vulnerabilities in these routers could allow an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service.

Recommendations For Cisco Small Business RV340, RV340W, RV345, RV345P, consider disabling the file upload feature in the web interface until a patch is available. For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.