CVE-2022-20841 — Classic Buffer Overflow in Cisco Rv160 Firmware

CWE-120 — Classic Buffer Overflow CWE-20 — Improper Input Validation CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

9.0CRITICALNVD

EPSS

2.9%

top 13.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv160 Firmware Cisco Rv160w Firmware Cisco Rv260 Firmware +7 more

Timeline

PublishedAug 10

Latest updateAug 11

Description

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages10 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

▶NVDcisco/rv160_firmware< 1.0.01.05

▶NVDcisco/rv260_firmware< 1.0.01.05

▶NVDcisco/rv340_firmware< 1.0.03.26

▶NVDcisco/rv345_firmware< 1.0.03.26

🔴Vulnerability Details

GHSA

GHSA-x2h4-3j4q-4xqv: Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to exec↗2022-08-11

▶

CVEList

Cisco Small Business RV Series Routers Vulnerabilities↗2022-08-10

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV Series Routers Vulnerabilities↗2022-08-03

▶