CVE-2023-20026

Name of the Vulnerable Software and Affected Versions Cisco Small Business Routers RV042 Series (affected versions not specified) Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Small Business Routers could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This issue is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface, potentially allowing the execution of arbitrary commands on an affected device with root-level privileges. To exploit this issue, an attacker would need to have valid Administrator credentials on the affected device.

Recommendations For Cisco Small Business Routers RV042 Series: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325: At the moment, there is no information about a newer version that contains a fix for this vulnerability.