CVE-2022-20825
published 2022-06-15

Priority: P269, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.90% (85.2th percentile)

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
cisco | cisco_small_business_rv_series_router_firmware | |
cisco | small_business_rv110w_rv130_rv130w_and_rv215w_routers | |

Detection & IOCs (extracted from sources)

  • Exploit vector is a crafted HTTP request to the web-based management interface of affected Cisco Small Business routers (RV110W, RV130, RV130W, RV215W); monitor for anomalous or malformed HTTP packets targeting the management interface
  • The vulnerability is triggered by insufficient user input validation of incoming HTTP packets; inspect HTTP request payloads to the management interface for oversized or malformed input indicative of a stack buffer overflow (CWE-121)
  • Successful exploitation results in arbitrary command execution at root-level privileges or unexpected device restart (DoS); alert on affected devices rebooting unexpectedly or exhibiting signs of remote code execution
  • The attack is unauthenticated and remote; restrict access to the web-based management interface from untrusted networks and alert on any unauthenticated access attempts to management endpoints on affected devices
  • No software patch is available from Cisco for any of the affected devices (RV110W, RV130, RV130W, RV215W); no workarounds exist; detection and network-level access restriction are the only mitigations

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco | | 9.8 | CRITICAL |