PT-2022-2297 · Cisco · Rv345+4

Q. Kaiser

·

Published

2022-02-02

·

Updated

2025-03-13

·

CVE-2022-20708

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, firmware releases prior to the fixed release (exact affected versions are not specified on this page).
Description: CVE-2022-20708 is an OS command injection in the web-based management interface of the affected routers. Input supplied to the update-clients command is not sufficiently validated before it is used to build a command that is executed on the underlying operating system, so a remote attacker who can reach the management interface can send a specially crafted request and execute arbitrary commands without authentication. The CVE description shared by the whole batch of RV Series advisories published together lists arbitrary code execution, privilege escalation, arbitrary command execution, authentication and authorization bypass, fetching and running unsigned software, and denial of service (DoS), and it covers other weaknesses in the same batch, including a stack-based buffer overflow; the weakness tracked under this identifier (ZDI-22-417) is the command injection in update-clients.
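The pattern behind this class of bug, as an added illustration that is not Cisco's code and not taken from the RV firmware: a request parameter is interpolated into a shell command line (anything the handler passes to system() or popen() is parsed by /bin/sh, so ";", "|", "$(...)" and backticks become attacker-controlled commands), next to a hardened handler that allowlists the parameter and executes the helper directly with an argv and no shell. The helper path, the `--server` option, the function names and the malicious parameter are all hypothetical and constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical handler helpers; none of this is Cisco's code. */

/* Vulnerable pattern: the request parameter is pasted into a shell command
 * line that the handler would then hand to system(). Shell metacharacters in
 * `server` (';', '|', '`', "$(") are interpreted by /bin/sh, not passed as data.
 * Returns 1 if the command line fit into `out`. */
int build_update_cmd_vulnerable(const char *server, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "/usr/sbin/update-clients --server %s", server);
    return n >= 0 && (size_t)n < outlen;
}

/* Allowlist check for the parameter: hostname / IPv4 literal characters only,
 * 1..253 bytes, and not starting with '-' so the child cannot parse it as an
 * option. Everything else is rejected rather than "escaped". */
int valid_server_name(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 253 || s[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/* Hardened pattern: validate, then fork/exec the helper with an explicit argv.
 * No shell is involved, so the parameter reaches the helper as one literal
 * argument. Returns the child's exit status, or -1 if the input was rejected
 * or the child could not be spawned/reaped. */
int run_update_hardened(const char *helper_path, const char *server)
{
    if (!valid_server_name(server))
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper_path, "--server", (char *)server, NULL };
        execv(helper_path, argv);
        _exit(127); /* exec failed */
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed malicious parameter: a valid-looking host followed by a
     * second command that /bin/sh would run if this string hit system(). */
    const char *evil = "10.0.0.5; touch /tmp/pwned";
    char cmd[256];

    build_update_cmd_vulnerable(evil, cmd, sizeof cmd);
    printf("vulnerable handler would run via /bin/sh: %s\n", cmd);

    /* /bin/echo stands in for the real helper so the demo runs anywhere. */
    printf("hardened handler, malicious input: %s\n",
           run_update_hardened("/bin/echo", evil) == -1 ? "rejected" : "ran");
    printf("hardened handler, benign input: ");
    fflush(stdout);
    run_update_hardened("/bin/echo", "10.0.0.5");
    return 0;
}
```

The point of the hardened version is that validation and the exec path work together: the allowlist stops hostile strings at the boundary, and execv() guarantees that even a string which slipped past validation would arrive at the helper as a single argument rather than being re-parsed by a shell.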
Recommendations: Update the affected Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers to a firmware release that contains the fix for this issue. Until the update is applied, do not expose the web-based management interface to the WAN or to untrusted networks: disable remote management and restrict access to the interface to trusted administrative hosts. Install only firmware images obtained from Cisco and verify them before flashing, and check the devices for unexpected processes, users, or configuration changes, since exploitation requires no authentication.

Fix

DoS

OS Command Injection

Stack Overflow


Weakness Enumeration

Related Identifiers

BDU:2022-02481
CVE-2022-20708
ZDI-22-417

Affected Products

Cisco Small Business RV Series Routers
RV160
RV260
RV340
RV345