CVE-2023-20025

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV042 Series Routers (affected versions not specified) Cisco Small Business RV016, RV042, RV042G, and RV082 (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This issue is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this by sending crafted requests to the web-based management interface, potentially gaining root privileges on the affected device. The vulnerability is also related to errors in privilege management.

Recommendations For Cisco Small Business RV042 Series Routers, update the firmware to a version that addresses the authentication bypass issue. For Cisco Small Business RV016, RV042, RV042G, and RV082, restrict access to the web-based management interface until a patch is available. As a temporary workaround, consider disabling remote management access to minimize the risk of exploitation.