cbcvebase.
CVE-2023-20025
published 2023-01-20

CVE-2023-20025: A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote…

PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.63%
73.3th percentile
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system.

Affected

25 ranges
VendorProductVersion rangeFixed in
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscosmall_business_rv016_rv042_rv042g_rv082_rv320_and_rv325_routers

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector is a crafted HTTP request to the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 routers; monitor for anomalous or malformed HTTP requests targeting the router management interface from unauthenticated sources
  • Root cause is improper validation of user input within incoming HTTP packets; inspect HTTP request payloads to the management interface for unexpected or malformed input patterns that may bypass authentication logic
  • Successful exploitation grants root access on the underlying OS; monitor for unexpected root-level process spawning or OS-level command execution originating from the router web management process
  • The vulnerability is also tracked under Cisco Bug IDs CSCwd47551, CSCwd60199, CSCwe41652; use these identifiers when correlating vendor threat intelligence or SIEM feeds
  • ·No software patch is available from Cisco for affected devices (RV016, RV042, RV042G, RV082, RV320, RV325); these are end-of-life products with no planned fix, so network-level controls (e.g., blocking external access to the management interface) are the only mitigation

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_cisco9.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.