CVE-2023-20117

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers (affected versions not specified)

Description The web-based management interface of the affected devices has insufficient validation of user-supplied input, allowing an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Additionally, ensure that only trusted users have Administrator credentials on the affected devices.