CVE-2022-20801

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV340 and RV345 Routers (affected versions not specified) Cisco Small Business RV340W, RV345, and R345P (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input in the web-based management interface of the affected devices. This could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying Linux operating system of an affected device. To exploit this issue, an attacker would need to have valid Administrator credentials on the affected device. The attacker could exploit the issue by sending malicious input to an affected device, potentially allowing the execution of arbitrary commands.

Recommendations For Cisco Small Business RV340 and RV345 Routers, update the device to a version that includes the fix for this issue. For Cisco Small Business RV340W, RV345, and R345P, update the device to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Restrict access to the set-snmp command to minimize the risk of exploitation.