PT-2024-5457 · Cisco · Cisco Rv340 +1

Jacob Baines · Published 2024-07-17 · Updated 2024-08-26 · CVE-2024-20416

CVSS v2.0: 8.5 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers (affected versions not specified)

Description

A vulnerability in the upload module could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This issue is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this by sending crafted HTTP requests to an affected device, potentially allowing the execution of arbitrary code as the root user on the underlying operating system.

Recommendations

For Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers, consider disabling the upload module as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the vulnerable upload functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-06106
CVE-2024-20416

Affected Products

Cisco Rv340
Cisco Rv345