Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities

cisco-sa-rv-routers-stack-vUxHmnNz · High · Published · Updated

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2020-3286, CVE-2020-3287, CVE-2020-3288, CVE-2020-3289, CVE-2020-3290, CVE-2020-3291, CVE-2020-3292, CVE-2020-3293, CVE-2020-3294, CVE-2020-3295, CVE-2020-3296
Cisco Bug IDsCSCvt29414, CSCvt26705, CSCvt26525, CSCvt26555, CSCvt26591, CSCvt26619, CSCvt26643, CSCvt26659, CSCvt26663, CSCvt26718, CSCvt26725, CSCvt26729, CSCvt29381, CSCvt29385, CSCvt29388, CSCvt29396, CSCvt29398, CSCvt29400, CSCvt29403, CSCvt29416, CSCvt29421, CSCvt29423
CVSS ScoreBase 7.2
Base 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Small Business RV Series Router Firmware

Related Products

Product CVE Evidence
Cisco Small Business RV Series Router Firmware CVE-2020-3296 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3295 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3294 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3293 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3292 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3291 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3290 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3289 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3288 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3287 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3286 Cisco OpenVuln