PT-2022-2308 · Cisco · Cisco Small Business Rv Series Routers

Gaurav Baruah · Published 2022-02-02 · Updated 2025-03-13 · CVE-2022-20703

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV Series Routers (RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P)
Description: A vulnerability in the firmware update process of the affected routers is caused by improper certificate validation. It could allow an attacker to execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Recommendations: For Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, RV345P, consider disabling the firmware update feature until a patch is available. Restrict access to the firmware update module to minimize the risk of exploitation. Avoid using unsigned software on the affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

DoS
Improper Verification of Cryptographic Signature
Stack Overflow
Improper Certificate Validation

Related Identifiers

BDU:2022-02494
CVE-2022-20703
ZDI-22-408
ZDI-22-413

Affected Products

Cisco Small Business Rv Series Routers