cisco-sa-sb-rv-rce-overflow-ygHByAK

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

cisco-sa-sb-rv-rce-overflow-ygHByAK · Medium · Published 3 years ago · Updated 3 years ago

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rce-overflow-ygHByAK

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEs	CVE-2022-20873, CVE-2022-20874, CVE-2022-20875, CVE-2022-20876, CVE-2022-20877, CVE-2022-20878, CVE-2022-20879, CVE-2022-20880, CVE-2022-20881, CVE-2022-20882, CVE-2022-20883, CVE-2022-20884, CVE-2022-20885, CVE-2022-20886, CVE-2022-20887, CVE-2022-20888, CVE-2022-20889, CVE-2022-20890, CVE-2022-20891, CVE-2022-20892, CVE-2022-20893, CVE-2022-20894, CVE-2022-20895, CVE-2022-20896, CVE-2022-20897, CVE-2022-20898, CVE-2022-20899, CVE-2022-20900, CVE-2022-20901, CVE-2022-20902, CVE-2022-20903, CVE-2022-20904, CVE-2022-20910, CVE-2022-20911, CVE-2022-20912
Cisco Bug IDs	CSCwc26220, CSCwc26221, CSCwc26222, CSCwc26504, CSCwc26499, CSCwc26501
CVSS Score	Base 4.7 Base 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
Product Names From Source	Cisco Small Business RV Series Router Firmware

Related Products

Product	CVE	Evidence
Cisco Small Business RV Series Router Firmware	CVE-2022-20912	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20911	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20910	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20904	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20903	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20902	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20901	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20900	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20899	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20898	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20897	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20896	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20895	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20894	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20893	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20892	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20891	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20890	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20889	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20888	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20887	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20886	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20885	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20884	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20883	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20882	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20881	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20880	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20879	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20878	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20877	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20876	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20875	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20874	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	CVE-2022-20873	Cisco OpenVuln

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerabilities

Workarounds

Related Products