
    92 vulnerabilities found for rv042_firmware by cisco

    CVE-2024-20524 (GCVE-0-2024-20524)

    Vulnerability from nvd – Published: 2024-10-02 16:57 – Updated: 2024-10-02 17:25
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:43.563003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:25:33.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:57:45.406Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20524",
        "datePublished": "2024-10-02T16:57:45.406Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T17:25:33.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20523 (GCVE-0-2024-20523)

    Vulnerability from nvd – Published: 2024-10-02 16:57 – Updated: 2024-10-02 17:25
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:45.741625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:25:39.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:57:35.516Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20523",
        "datePublished": "2024-10-02T16:57:35.516Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T17:25:39.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20522 (GCVE-0-2024-20522)

    Vulnerability from nvd – Published: 2024-10-02 16:57 – Updated: 2024-10-02 18:52
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
    cisco small_business_rv_series_router_firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
        cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_rv_series_router_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.0.2.08-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.1.01"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.03"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.1-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.0.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.09"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2.01-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.10"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.06"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.2.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.3.03-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.1.02"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.07"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.4.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.6-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.13.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.10"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.13"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.15"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.05"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.2.03"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.0.09"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.2.02"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.12"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.1.17"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.06"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.20"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.22"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.17"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.11"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20522",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:28:32.467559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T18:52:46.250Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:57:27.083Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20522",
        "datePublished": "2024-10-02T16:57:27.083Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T18:52:46.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20521 (GCVE-0-2024-20521)

    Vulnerability from nvd – Published: 2024-10-02 16:56 – Updated: 2024-10-17 19:51
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:25:56.653631Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T19:51:56.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:42.263Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20521",
        "datePublished": "2024-10-02T16:56:42.263Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-17T19:51:56.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20520 (GCVE-0-2024-20520)

    Vulnerability from nvd – Published: 2024-10-02 16:56 – Updated: 2024-10-02 19:09
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
    cisco small_business_rv_series_router_firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
        cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_rv_series_router_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.0.2.08-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.1.01"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.03"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.1-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.0.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.09"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2.01-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.10"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.06"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.2.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.3.03-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.1.02"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.07"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.4.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.6-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.13.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.10"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.13"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.15"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.05"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.2.03"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.0.09"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.2.02"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.12"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.1.17"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.06"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.20"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.22"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.17"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.11"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20520",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:55:31.611704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:09:54.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:33.815Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20520",
        "datePublished": "2024-10-02T16:56:33.815Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T19:09:54.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20519 (GCVE-0-2024-20519)

    Vulnerability from nvd – Published: 2024-10-02 16:56 – Updated: 2024-10-02 19:12
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
    cisco small_business_rv_series_router_firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
        cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_rv_series_router_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.0.2.08-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.1.01"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.03"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.1-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.0.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.09"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2.01-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.10"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.06"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.2.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.3.03-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.1.02"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.07"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.4.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.6-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.13.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.10"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.13"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.15"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.05"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.2.03"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.0.09"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.2.02"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.12"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.1.17"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.06"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.20"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.22"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.17"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.11"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:55:47.348958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:12:10.672Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:21.994Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20519",
        "datePublished": "2024-10-02T16:56:21.994Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T19:12:10.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20518 (GCVE-0-2024-20518)

    Vulnerability from nvd – Published: 2024-10-02 16:56 – Updated: 2024-10-02 19:12
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
    cisco small_business_rv_series_router_firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
        cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_rv_series_router_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.0.2.08-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.1.01"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.03"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.1-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.0.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.09"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2.01-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.10"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.06"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.2.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.3.03-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.1.02"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.07"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.4.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.6-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.13.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.10"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.13"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.15"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.05"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.2.03"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.0.09"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.2.02"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.12"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.1.17"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.06"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.20"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.22"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.17"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.11"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:56:15.521738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:12:22.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:12.546Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20518",
        "datePublished": "2024-10-02T16:56:12.546Z",
        "dateReserved": "2023-11-08T15:08:07.689Z",
        "dateUpdated": "2024-10-02T19:12:22.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20517 (GCVE-0-2024-20517)

    Vulnerability from nvd – Published: 2024-10-02 16:56 – Updated: 2024-10-02 17:25
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:47.778863Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:25:46.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:02.025Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20517",
        "datePublished": "2024-10-02T16:56:02.025Z",
        "dateReserved": "2023-11-08T15:08:07.689Z",
        "dateUpdated": "2024-10-02T17:25:46.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20516 (GCVE-0-2024-20516)

    Vulnerability from nvd – Published: 2024-10-02 16:55 – Updated: 2024-10-02 17:25
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20516",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:49.883022Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:25:54.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:55:52.185Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20516",
        "datePublished": "2024-10-02T16:55:52.185Z",
        "dateReserved": "2023-11-08T15:08:07.689Z",
        "dateUpdated": "2024-10-02T17:25:54.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20362 (GCVE-0-2024-20362)

    Vulnerability from nvd – Published: 2024-04-03 16:25 – Updated: 2024-11-07 19:16
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 1.1.0.09
    Affected: 1.1.1.19
    Affected: 1.1.1.06
    Affected: 1.2.1.14
    Affected: 2.0.0.19-tm
    Affected: 1.3.1.12
    Affected: 1.3.1.10
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 4.0.0.7
    Affected: 4.0.2.08-tm
    Affected: 4.0.3.03-tm
    Affected: 4.0.4.02-tm
    Affected: 4.2.2.08
    Affected: 4.2.3.03
    Affected: 4.2.3.06
    Affected: 4.2.3.07
    Affected: 4.2.3.09
    Affected: 4.2.3.10
    Affected: 4.2.3.14
    Affected: 1.4.2.15
    Affected: 1.4.2.17
    Affected: 1.4.2.19
    Affected: 1.4.2.22
    Affected: 3.0.0.1-tm
    Affected: 4.1.1.01
    Affected: 1.5.1.05

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T20:02:16.853338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T19:16:09.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-sbiz-rv-xss-OQeRTup",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbiz-rv-xss-OQeRTup"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:25:56.368Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sbiz-rv-xss-OQeRTup",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbiz-rv-xss-OQeRTup"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sbiz-rv-xss-OQeRTup",
            "defects": [
              "CSCwj24997"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20362",
        "datePublished": "2024-04-03T16:25:56.368Z",
        "dateReserved": "2023-11-08T15:08:07.651Z",
        "dateUpdated": "2024-11-07T19:16:09.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20118 (GCVE-0-2023-20118)

    Vulnerability from nvd – Published: 2023-04-05 16:05 – Updated: 2025-10-21 23:15
    VLAI CISA KEVIntel
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released and will not release software updates that address this vulnerability. However, administrators may disable the affected feature as described in the Workarounds section.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 1.0.1.17
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.1.1.19
    Affected: 1.1.1.06
    Affected: 1.2.1.13
    Affected: 1.2.1.14
    Affected: 1.3.1.12
    Affected: 1.3.2.02
    Affected: 1.3.1.10
    Affected: 1.4.2.15
    Affected: 1.4.2.17
    Affected: 1.4.2.19
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.5.1.05
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-sbr042-multi-vuln-ej76Pke5",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20118",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-03T20:12:24.673297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-03-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20118"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:20.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20118"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-03-03T00:00:00.000Z",
                "value": "CVE-2023-20118 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.\r\n\r Cisco has not and will not release software updates that address this vulnerability.   However, administrators may disable the affected feature as described in the Workarounds [\"#workarounds\"] section.\r\n\r  {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nIn March 2025, the Cisco PSIRT became aware of additional attempted exploitation of some of these vulnerabilities in the wild. Cisco continues to strongly recommend that customers upgrade their hardware to Meraki or Cisco 1000 Series Integrated Services Routers to remediate these vulnerabilities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-12T16:21:05.953Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sbr042-multi-vuln-ej76Pke5",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sbr042-multi-vuln-ej76Pke5",
            "defects": [
              "CSCwe41652"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20118",
        "datePublished": "2023-04-05T16:05:41.067Z",
        "dateReserved": "2022-10-27T18:47:50.345Z",
        "dateUpdated": "2025-10-21T23:15:20.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20151 (GCVE-0-2023-20151)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-10-25 15:58
    VLAI
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.861Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20151",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:34:31.698264Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T15:58:27.245Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20151",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-25T15:58:27.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20150 (GCVE-0-2023-20150)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-10-25 15:58
    VLAI
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.870Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:34:38.425731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T15:58:34.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20150",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-25T15:58:34.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20149 (GCVE-0-2023-20149)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-10-25 15:58
    VLAI
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.947Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20149",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:34:44.905161Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T15:58:46.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20149",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-25T15:58:46.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20148 (GCVE-0-2023-20148)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-10-25 15:58
    VLAI
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.867Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20148",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:34:46.418433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T15:58:53.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20148",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-25T15:58:53.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20147 (GCVE-0-2023-20147)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-10-25 15:59
    VLAI
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.030Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20147",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:34:47.693942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T15:59:00.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20147",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-25T15:59:00.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20146 (GCVE-0-2023-20146)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-11-06 14:17
    VLAI
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:34.964Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20146",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:17:58.315861Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:17:20.500Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20146",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-11-06T14:17:20.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20145 (GCVE-0-2023-20145)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-10-25 15:59
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.714Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20145",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:34:54.362234Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T15:59:09.552Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20145",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-25T15:59:09.552Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20144 (GCVE-0-2023-20144)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-10-25 15:59
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20144",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:35:00.710262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T15:59:17.421Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20144",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-25T15:59:17.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20143 (GCVE-0-2023-20143)

    Vulnerability from nvd – Published: 2023-04-05 00:00 – Updated: 2024-10-25 15:59
    Title
    Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-04-05 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20143",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:35:02.534309Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T15:59:25.961Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-05T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230405 Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W"
            }
          ],
          "source": {
            "advisory": "cisco-sa-rv-stored-xss-vqz7gC8W",
            "defect": [
              [
                "CSCwe21294",
                "CSCwe75298",
                "CSCwe75302",
                "CSCwe75304",
                "CSCwe75324",
                "CSCwe75338",
                "CSCwe75341",
                "CSCwe75346",
                "CSCwe75348",
                "CSCwe75352",
                "CSCwe75355",
                "CSCwe75367",
                "CSCwe75369",
                "CSCwe75375",
                "CSCwe75377"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business RV016, RV042, RV042G,  RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20143",
        "datePublished": "2023-04-05T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-25T15:59:25.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20524 (GCVE-0-2024-20524)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:57 – Updated: 2024-10-02 17:25
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:43.563003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:25:33.476Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:57:45.406Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20524",
        "datePublished": "2024-10-02T16:57:45.406Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T17:25:33.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20523 (GCVE-0-2024-20523)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:57 – Updated: 2024-10-02 17:25
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:45.741625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:25:39.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:57:35.516Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20523",
        "datePublished": "2024-10-02T16:57:35.516Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T17:25:39.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20522 (GCVE-0-2024-20522)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:57 – Updated: 2024-10-02 18:52
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
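    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. [Note: this summary is word-for-word the one given for CVE-2024-20523, but the CNA record for CVE-2024-20522 scores it CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, i.e. no availability impact and high confidentiality and integrity impact, and the CISA SSVC entry lists Technical Impact: total. That is inconsistent with the denial-of-service-only wording here and in the record title, so confirm the actual impact against the referenced vendor advisory (cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV) before prioritising on this description alone.]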
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
    cisco small_business_rv_series_router_firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
        cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_rv_series_router_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.0.2.08-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.1.01"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.03"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.1-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.0.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.09"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2.01-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.10"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.06"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.2.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.3.03-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.1.02"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.07"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.4.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.6-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.13.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.10"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.13"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.15"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.05"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.2.03"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.0.09"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.2.02"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.12"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.1.17"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.06"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.20"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.22"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.17"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.11"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20522",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:28:32.467559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T18:52:46.250Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:57:27.083Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20522",
        "datePublished": "2024-10-02T16:57:27.083Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T18:52:46.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20521 (GCVE-0-2024-20521)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:56 – Updated: 2024-10-17 19:51
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:25:56.653631Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T19:51:56.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:42.263Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20521",
        "datePublished": "2024-10-02T16:56:42.263Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-17T19:51:56.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20520 (GCVE-0-2024-20520)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:56 – Updated: 2024-10-02 19:09
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
    cisco small_business_rv_series_router_firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
        cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_rv_series_router_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.0.2.08-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.1.01"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.03"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.1-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.0.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.09"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2.01-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.10"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.06"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.2.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.3.03-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.1.02"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.07"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.4.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.6-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.13.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.10"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.13"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.15"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.05"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.2.03"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.0.09"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.2.02"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.12"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.1.17"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.06"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.20"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.22"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.17"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.11"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20520",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:55:31.611704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:09:54.092Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:33.815Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20520",
        "datePublished": "2024-10-02T16:56:33.815Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T19:09:54.092Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20519 (GCVE-0-2024-20519)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:56 – Updated: 2024-10-02 19:12
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
    cisco small_business_rv_series_router_firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
        cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_rv_series_router_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.0.2.08-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.1.01"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.03"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.1-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.0.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.09"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2.01-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.10"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.06"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.2.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.3.03-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.1.02"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.07"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.4.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.6-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.13.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.10"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.13"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.15"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.05"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.2.03"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.0.09"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.2.02"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.12"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.1.17"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.06"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.20"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.22"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.17"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.11"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:55:47.348958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:12:10.672Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:21.994Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20519",
        "datePublished": "2024-10-02T16:56:21.994Z",
        "dateReserved": "2023-11-08T15:08:07.690Z",
        "dateUpdated": "2024-10-02T19:12:10.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20518 (GCVE-0-2024-20518)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:56 – Updated: 2024-10-02 19:12
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
    cisco small_business_rv_series_router_firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13
        cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "small_business_rv_series_router_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "4.0.2.08-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.1.01"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.03"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.1-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.1.0.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.09"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.2.01-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.10"
                  },
                  {
                    "status": "affected",
                    "version": "3.0.0.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.06"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.2.08"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.3.03-tm"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.1.02"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.07"
                  },
                  {
                    "status": "affected",
                    "version": "4.0.4.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.19-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.12.6-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.13.02-tm"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.10"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.13"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.15"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.05"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.2.03"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.0.09"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.1.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.2.02"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.1.12"
                  },
                  {
                    "status": "affected",
                    "version": "1.0.1.17"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.19"
                  },
                  {
                    "status": "affected",
                    "version": "1.1.1.06"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.20"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.22"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.2.17"
                  },
                  {
                    "status": "affected",
                    "version": "4.2.3.14"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.11"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:56:15.521738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:12:22.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:12.546Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20518",
        "datePublished": "2024-10-02T16:56:12.546Z",
        "dateReserved": "2023-11-08T15:08:07.689Z",
        "dateUpdated": "2024-10-02T19:12:22.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20517 (GCVE-0-2024-20517)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:56 – Updated: 2024-10-02 17:25
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.   This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:47.778863Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:25:46.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:56:02.025Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20517",
        "datePublished": "2024-10-02T16:56:02.025Z",
        "dateReserved": "2023-11-08T15:08:07.689Z",
        "dateUpdated": "2024-10-02T17:25:46.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20516 (GCVE-0-2024-20516)

    Vulnerability from cvelistv5 – Published: 2024-10-02 16:55 – Updated: 2024-10-02 17:25
    VLAI
    Title
    Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.   This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 4.0.2.08-tm
    Affected: 4.2.3.08
    Affected: 4.1.1.01
    Affected: 4.2.3.03
    Affected: 3.0.0.1-tm
    Affected: 4.1.0.02-tm
    Affected: 4.2.3.09
    Affected: 3.0.2.01-tm
    Affected: 4.2.3.10
    Affected: 3.0.0.19-tm
    Affected: 4.2.3.06
    Affected: 4.2.2.08
    Affected: 4.0.3.03-tm
    Affected: 4.0.0.7
    Affected: 4.2.1.02
    Affected: 4.2.3.07
    Affected: 4.0.4.02-tm
    Affected: 1.3.12.19-tm
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 1.3.1.10
    Affected: 1.2.1.13
    Affected: 1.1.1.19
    Affected: 1.4.2.15
    Affected: 1.5.1.05
    Affected: 1.0.2.03
    Affected: 1.1.0.09
    Affected: 1.2.1.14
    Affected: 1.3.2.02
    Affected: 1.3.1.12
    Affected: 1.0.1.17
    Affected: 1.4.2.19
    Affected: 1.1.1.06
    Affected: 1.4.2.20
    Affected: 1.4.2.22
    Affected: 1.4.2.17
    Affected: 4.2.3.14
    Affected: 1.5.1.11
    Affected: 1.5.1.13

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20516",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:17:49.883022Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:25:54.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.08"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.0.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "3.0.2.01-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.2.1.02"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.13"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                },
                {
                  "status": "affected",
                  "version": "1.0.2.03"
                },
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "1.3.2.02"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.0.1.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.20"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T16:55:52.185Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
            "defects": [
              "CSCwm48770"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20516",
        "datePublished": "2024-10-02T16:55:52.185Z",
        "dateReserved": "2023-11-08T15:08:07.689Z",
        "dateUpdated": "2024-10-02T17:25:54.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20362 (GCVE-0-2024-20362)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:25 – Updated: 2024-11-07 19:16
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business RV Series Router Firmware Affected: 1.1.0.09
    Affected: 1.1.1.19
    Affected: 1.1.1.06
    Affected: 1.2.1.14
    Affected: 2.0.0.19-tm
    Affected: 1.3.1.12
    Affected: 1.3.1.10
    Affected: 1.3.12.6-tm
    Affected: 1.3.13.02-tm
    Affected: 4.0.0.7
    Affected: 4.0.2.08-tm
    Affected: 4.0.3.03-tm
    Affected: 4.0.4.02-tm
    Affected: 4.2.2.08
    Affected: 4.2.3.03
    Affected: 4.2.3.06
    Affected: 4.2.3.07
    Affected: 4.2.3.09
    Affected: 4.2.3.10
    Affected: 4.2.3.14
    Affected: 1.4.2.15
    Affected: 1.4.2.17
    Affected: 1.4.2.19
    Affected: 1.4.2.22
    Affected: 3.0.0.1-tm
    Affected: 4.1.1.01
    Affected: 1.5.1.05

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T20:02:16.853338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T19:16:09.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-sbiz-rv-xss-OQeRTup",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbiz-rv-xss-OQeRTup"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business RV Series Router Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.0.09"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.19"
                },
                {
                  "status": "affected",
                  "version": "1.1.1.06"
                },
                {
                  "status": "affected",
                  "version": "1.2.1.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.0.19-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.12"
                },
                {
                  "status": "affected",
                  "version": "1.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "1.3.12.6-tm"
                },
                {
                  "status": "affected",
                  "version": "1.3.13.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.0.7"
                },
                {
                  "status": "affected",
                  "version": "4.0.2.08-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.3.03-tm"
                },
                {
                  "status": "affected",
                  "version": "4.0.4.02-tm"
                },
                {
                  "status": "affected",
                  "version": "4.2.2.08"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.03"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.06"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.07"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.09"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.10"
                },
                {
                  "status": "affected",
                  "version": "4.2.3.14"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.15"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.17"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.19"
                },
                {
                  "status": "affected",
                  "version": "1.4.2.22"
                },
                {
                  "status": "affected",
                  "version": "3.0.0.1-tm"
                },
                {
                  "status": "affected",
                  "version": "4.1.1.01"
                },
                {
                  "status": "affected",
                  "version": "1.5.1.05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\n\nThis vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:25:56.368Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sbiz-rv-xss-OQeRTup",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbiz-rv-xss-OQeRTup"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sbiz-rv-xss-OQeRTup",
            "defects": [
              "CSCwj24997"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20362",
        "datePublished": "2024-04-03T16:25:56.368Z",
        "dateReserved": "2023-11-08T15:08:07.651Z",
        "dateUpdated": "2024-11-07T19:16:09.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }