CVE-2022-20700

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV Series Routers versions RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P

Description The issue is related to a stack-based buffer overflow vulnerability and insufficient authorization in the web interface of the affected routers. This could allow a remote attacker to elevate privileges to the level of root, execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause denial of service (DoS).

Recommendations For RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P, update the firmware to a version that addresses the vulnerabilities. As a temporary workaround, consider restricting access to the web interface of the affected routers until a patch is available. Restrict access to the vulnerable web interface to minimize the risk of exploitation. Avoid using unsigned software on the affected routers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.