CVE-2022-20701

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV Series Routers versions prior to the fixed version Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers (affected versions not specified)

Description The issue concerns a stack-based buffer overflow vulnerability and insufficient authorization procedure in the web interface of Cisco Small Business RV Series Routers. This could allow a remote attacker to elevate privileges to the level of root, execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause denial of service (DoS).

Recommendations For Cisco Small Business RV Series Routers, update to a version that includes the fix for this vulnerability. For Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, apply the recommended patch or update to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the vulnerable web interface until a patch is available. Avoid using unsigned software and ensure proper authentication and authorization mechanisms are in place to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.