CVE-2023-20250
Severity
7.2 HIGH
EPSS
0.2%
top 52.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 6
Description
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute a…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.2 | Impact: 5.2
Affected Packages: 5 packages
🔴 Vulnerability Details (2)
CVEList
CVE-2023-20250: A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, (2023-09-06)
GHSA
GHSA-5p9g-w9p4-jfm4: A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, (2023-09-06)
📋 Vendor Advisories (1)
Cisco
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Stack Overflow Vulnerability (2023-09-06)
🕵️ Threat Intelligence (1)
Microsoft
Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability | Microsoft Security Blog (2019-04-10)