CVE-2022-20753

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write5 documents5 sources
Severity
7.2HIGH
EPSS
1.7%
top 17.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Rv340 FirmwareCisco Rv340w FirmwareCisco Rv345 Firmware+2 more
Timeline
PublishedMay 4
Latest updateMay 5

Description

A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages5 packages

NVDcisco/rv340_firmware< 1.0.03.27
NVDcisco/rv345_firmware< 1.0.03.27
NVDcisco/rv340w_firmware< 1.0.03.27
NVDcisco/rv345p_firmware< 1.0.03.27

🔴Vulnerability Details

2
GHSA
GHSA-x2hp-jfj2-m3hc: A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to exe2022-05-05
CVEList
Cisco Small Business RV Series Routers Remote Code Execution Vulnerability2022-05-04

📋Vendor Advisories

2
Cisco
Cisco Small Business RV Series Routers Remote Code Execution Vulnerability2022-05-04
CISA
Kaseya VSA Remote Code Execution Vulnerability2022-04-13
CVE-2022-20753 (HIGH CVSS 7.2) | A vulnerability in web-based manage | cvebase.io