CVE-2023-20073

Name of the Vulnerable Software and Affected Versions Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers (affected versions not specified)

Description A vulnerability in the web-based management interface of the affected devices could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this by sending a crafted HTTP request to an affected device, potentially allowing the upload of arbitrary files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.