Rewterz Threat Advisory – Multiple Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-20025 CVSS:9

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow a remote attacker to bypass security restrictions, caused by improper validation of user input within incoming HTTP packets. By sending a specially crafted HTTP request to the web-based management interface, an attacker could exploit this vulnerability to bypass authentication and obtain root access on the underlying operating system.

CVE-2023-20026 CVSS:6.5

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user input within incoming HTTP packets. By sending a specially crafted HTTP request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on the system and gain root-level privileges and access unauthorized data.

Impact

• Security Bypass
• Command Execution

Indicators Of Compromise

CVE

• Code Execution
• Security Bypass

Affected Vendors

Cisco

Affected Products

• Cisco Small Business RV016 Router
• Cisco Small Business RV042 Router
• Cisco Small Business RV042G Route
• Cisco Small Business RV082 Router

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2023-21742

CVE-2023-21744

CVE-2023-21743