CVE-2023-20128

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers (affected versions not specified)

Description The web-based management interface of the affected devices has insufficient validation of user-supplied input, which could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system. The attacker would need to have valid Administrator credentials on the affected device to exploit these vulnerabilities.

Recommendations For Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface with Administrator credentials until the issue is resolved.