cbcvebase.
CVE-2020-3330
published 2020-07-16

CVE-2020-3330: A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take…

PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.44%
87.5th percentile
A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscocisco_rv110w_wireless-n_vpn_firewall_firmware
ciscorv110w_wireless-n_vpn_firewall_firmware< 1.2.2.81.2.2.8
ciscosmall_business_rv110w_wireless-n_vpn_firewall_static_default_credential

Detection & IOCsextracted from sources · hover to see the quote

port23 (Telnet)
snort
SIDs 54538 - 54567
  • Exploit vector is Telnet — monitor for unauthenticated Telnet connections to Cisco RV110W devices, especially login attempts using the device's built-in static default system account credentials.
  • Use Cisco's published Snort SID range 54538–54567 to detect exploitation attempts against CVE-2020-3330 and related RV-series vulnerabilities.
  • Track Cisco bug ID CSCvs50818 for patch/version correlation when fingerprinting vulnerable RV110W firmware in the environment.
  • ·Cisco states there are no workarounds — only the released software update fully remediates the static credential issue.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.