CVE-2020-3451 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Rv340 Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation5 documents5 sources

Severity

4.7MEDIUMNVD

EPSS

0.5%

top 33.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv340 Firmware Cisco Rv340w Firmware Cisco Rv345 Firmware +2 more

Timeline

PublishedSep 4

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages5 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

▶NVDcisco/rv340_firmware< 1.0.03.19

▶NVDcisco/rv340w_firmware< 1.0.03.19

▶NVDcisco/rv345_firmware< 1.0.03.19

▶NVDcisco/rv345p_firmware< 1.0.03.19

🔴Vulnerability Details

GHSA

GHSA-jqfg-vvx5-35cc: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attac↗2022-05-24

▶

CVEList

Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities↗2020-09-04

▶

VulnCheck

Cisco rv340w_firmware Improper Restriction of Operations within the Bounds of a Memory Buffer↗2020

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities↗2020-09-02

▶