PT-2023-9642 · Cisco · Cisco Small Business RV340, RV340W, RV345, RV345P

H4Lo

·

Published

2023-11-08

·

Updated

2024-10-09

·

CVE-2024-20470

CVSS v2.0 · 9.0 · High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, versions prior to 1.0.03.29
Description: A vulnerability in the web-based management interface of the affected devices could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The attacker must have valid administrator credentials to exploit this vulnerability. The issue exists because the web-based management interface does not sufficiently validate user-supplied input; an attacker who is logged in as an administrator can send crafted HTTP input to the affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
Recommendations: For versions prior to 1.0.03.29, update to 1.0.03.29 or a later version that includes the fix for this vulnerability. As a temporary workaround, restrict access to the web-based management interface (for example, to a trusted management network only) to minimize the risk of exploitation. Because exploitation requires valid administrator credentials, limit who holds them and avoid logging in to the web-based management interface with admin credentials from untrusted networks until the fix is applied. At the moment, there is no information about additional mitigation measures.
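The first thing a practitioner does with an advisory like this is find out which devices are in scope. The following Python is an added example (not the advisory's or Cisco's code) that encodes the affected-product list and the 1.0.03.29 threshold stated above and triages a device inventory against them. The inventory rows are constructed sample data; the hostnames and versions are assumptions. Firmware versions are compared numerically per component, because a plain string comparison would wrongly treat 1.0.03.9 as newer than 1.0.03.29.

```python
"""Triage an inventory against the affected set for CVE-2024-20470.

Added example. Product list and fixed version come from the advisory above;
the inventory rows are constructed sample data, not real hosts.
"""
import re

# Affected products and first fixed version, as stated in the advisory.
AFFECTED_PRODUCTS = {"RV340", "RV340W", "RV345", "RV345P"}
FIXED_VERSION = "1.0.03.29"

# Longer model names first so RV340W/RV345P are not matched as RV340/RV345.
_MODEL_RE = re.compile(r"\bRV(340W|345P|340|345)\b")


def parse_version(version: str) -> tuple:
    """'1.0.03.29' -> (1, 0, 3, 29): numeric, so 1.0.03.9 sorts before 1.0.03.29."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unparseable firmware version {version!r}")
    return tuple(int(part) for part in version.split("."))


def affected_model(product: str):
    """Return the matched model name (e.g. 'RV345P') or None if the product is out of scope."""
    m = _MODEL_RE.search(product.upper())
    return "RV" + m.group(1) if m else None


def is_affected(product: str, version: str) -> bool:
    """True when the product is one of the listed models and runs firmware before 1.0.03.29."""
    model = affected_model(product)
    if model is None or model not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed sample inventory: (hostname, product string as reported, firmware version).
INVENTORY = [
    ("rtr-branch-1", "Cisco Small Business RV345P", "1.0.03.27"),
    ("rtr-branch-2", "Cisco Small Business RV340W", "1.0.03.29"),
    ("rtr-branch-3", "Cisco Small Business RV345", "1.0.03.9"),
    ("rtr-lab", "Cisco Small Business RV160", "1.0.01.05"),
]


def devices_needing_update(inventory) -> list:
    """Hostnames that must be updated or have their management interface restricted."""
    return [host for host, product, version in inventory if is_affected(product, version)]


if __name__ == "__main__":
    for host in devices_needing_update(INVENTORY):
        print(f"{host}: affected by CVE-2024-20470, update to {FIXED_VERSION} or later")
```

In the sample inventory rtr-branch-2 is already on the fixed version and rtr-lab is a model the advisory does not list, so only the two remaining routers are flagged.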

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

BDU:2024-09107
CVE-2024-20470

Affected Products

Cisco Small Business RV340
Cisco Small Business RV340W
Cisco Small Business RV345
Cisco Small Business RV345P