cbcvebase.
CVE-2024-20470
published 2024-10-02

CVE-2024-20470: A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an…

PriorityP351high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.63%
45.6th percentile
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.

Affected

101 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscocisco_small_business_rv_series_router_firmware
ciscorv340_dual_wan_gigabit_vpn_router_firmware
ciscorv340_dual_wan_gigabit_vpn_router_firmware
ciscorv340_dual_wan_gigabit_vpn_router_firmware
ciscorv340_dual_wan_gigabit_vpn_router_firmware
ciscorv340_dual_wan_gigabit_vpn_router_firmware

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.