CVE-2022-20910

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV110W Wireless-N VPN Firewall versions not specified Cisco Small Business RV130 Series VPN Router versions not specified Cisco Small Business RV130W Wireless-N Multifunction VPN Router versions not specified Cisco Small Business RV215W Wireless-N VPN Router versions not specified

Description The issue is related to insufficient validation of user fields within incoming HTTP packets in the web-based management interface. This could allow a remote attacker with valid Administrator credentials to execute arbitrary commands on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker could exploit this by sending a crafted request to the web-based management interface.

Recommendations For Cisco Small Business RV110W Wireless-N VPN Firewall, restrict access to the web-based management interface until a fix is available. For Cisco Small Business RV130 Series VPN Router, consider disabling remote management capabilities to minimize the risk of exploitation. For Cisco Small Business RV130W Wireless-N Multifunction VPN Router, avoid using the web-based management interface for critical operations until the issue is resolved. For Cisco Small Business RV215W Wireless-N VPN Router, limit access to the device to only necessary personnel to reduce the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.