CVE-2024-20516

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV042, RV042G, RV320, and RV325 Routers (affected versions not specified)

Description The issue is related to insufficient validation of user input in incoming HTTP packets, which can lead to a buffer overflow in memory. This can be exploited by sending a specially crafted HTTP request to the web-based management interface, potentially allowing a remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The exploitation requires valid Administrator credentials on the affected device.

Recommendations For Cisco Small Business RV042, RV042G, RV320, and RV325 Routers, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, limit the use of the web-based management interface to minimize the risk of exploitation. Avoid using the web-based management interface with Administrator credentials until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.