PT-2022-2504 · Cisco · Cisco Small Business Rv345+1

Published

2022-05-04

Updated

2022-05-27

CVE-2022-20753

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV340 and RV345 Routers (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This issue is due to insufficient validation of user-supplied input. An attacker could exploit this by sending malicious input to an affected device, potentially allowing them to execute remote code if they have valid Administrator credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

BDU:2022-02914

CVE-2022-20753

ZDI-22-756

ZDI-22-802

ZDI-22-803

Affected Products

Cisco Small Business Rv340

Cisco Small Business Rv345

PT-2022-2504 · Cisco · Cisco Small Business Rv345+1

CVE-2022-20753

Weakness Enumeration

Related Identifiers

Affected Products

References · 9