Search criteria
46 vulnerabilities found for rv042g by cisco
VAR-202304-1067
Vulnerability from variot - Updated: 2025-11-18 15:32A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.
This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.
Cisco has not and will not release software updates that address this vulnerability. However, administrators may disable the affected feature as described in the Workarounds ["#workarounds"] section.
{{value}} ["%7b%7bvalue%7d%7d"])}]]. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Multiple Cisco Systems products, including firmware, contain vulnerabilities related to input validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-1067",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv016",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv082",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
},
{
"db": "NVD",
"id": "CVE-2023-20118"
}
]
},
"cve": "CVE-2023-20118",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-20118",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-20118",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-20118",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@cisco.com",
"id": "CVE-2023-20118",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-20118",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-20118",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-1035",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1035"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
},
{
"db": "NVD",
"id": "CVE-2023-20118"
},
{
"db": "NVD",
"id": "CVE-2023-20118"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. \r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. \r\n\r Cisco has not and will not release software updates that address this vulnerability. However, administrators may disable the affected feature as described in the Workarounds [\"#workarounds\"] section. \r\n\r {{value}} [\"%7b%7bvalue%7d%7d\"])}]]. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Multiple Cisco Systems products, including firmware, contain vulnerabilities related to input validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20118"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20118",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008395",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-1035",
"trust": 0.6
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1035"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
},
{
"db": "NVD",
"id": "CVE-2023-20118"
}
]
},
"id": "VAR-202304-1067",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41167478
},
"last_update_date": "2025-11-18T15:32:39.265000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sbr042-multi-vuln-ej76Pke5",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"
},
{
"title": "Cisco Small Business Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234571"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1035"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
},
{
"db": "NVD",
"id": "CVE-2023-20118"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2023-20118"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20118"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-20118/"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1035"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
},
{
"db": "NVD",
"id": "CVE-2023-20118"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1035"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
},
{
"db": "NVD",
"id": "CVE-2023-20118"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1035"
},
{
"date": "2023-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-008395"
},
{
"date": "2023-04-13T07:15:21.080000",
"db": "NVD",
"id": "CVE-2023-20118"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-1035"
},
{
"date": "2023-12-01T03:01:00",
"db": "JVNDB",
"id": "JVNDB-2023-008395"
},
{
"date": "2025-10-28T13:59:03.593000",
"db": "NVD",
"id": "CVE-2023-20118"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1035"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-008395"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-1035"
}
],
"trust": 0.6
}
}
VAR-202404-1866
Vulnerability from variot - Updated: 2025-08-09 23:15A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Cross-site scripting vulnerabilities exist in multiple Cisco Systems products, including firmware.Information may be obtained and information may be tampered with. Cisco Small Business is a switch of Cisco. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data by the application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202404-1866",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv016",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv082",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv320",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv325",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv016",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv042",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv082",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"db": "NVD",
"id": "CVE-2024-20362"
}
]
},
"cve": "CVE-2024-20362",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-20830",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-20362",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-026854",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@cisco.com",
"id": "CVE-2024-20362",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-026854",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-20830",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"db": "NVD",
"id": "CVE-2024-20362"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. \r\n\r This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Cross-site scripting vulnerabilities exist in multiple Cisco Systems products, including firmware.Information may be obtained and information may be tampered with. Cisco Small Business is a switch of Cisco. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data by the application",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20362"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"db": "CNVD",
"id": "CNVD-2024-20830"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20362",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026854",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-20830",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"db": "NVD",
"id": "CVE-2024-20362"
}
]
},
"id": "VAR-202404-1866",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20830"
}
],
"trust": 1.0116747799999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20830"
}
]
},
"last_update_date": "2025-08-09T23:15:59.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sbiz-rv-xss-OQeRTup",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbiz-rv-xss-OQeRTup"
},
{
"title": "Patch for Cisco Small Business Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/541076"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-80",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (Basic XSS)(CWE-80) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"db": "NVD",
"id": "CVE-2024-20362"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20362"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbiz-rv-xss-oqertup"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"db": "NVD",
"id": "CVE-2024-20362"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-20830"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"db": "NVD",
"id": "CVE-2024-20362"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-20830"
},
{
"date": "2025-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"date": "2024-04-03T17:15:49.707000",
"db": "NVD",
"id": "CVE-2024-20362"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-20830"
},
{
"date": "2025-08-06T02:18:00",
"db": "JVNDB",
"id": "JVNDB-2024-026854"
},
{
"date": "2025-08-05T14:44:28.830000",
"db": "NVD",
"id": "CVE-2024-20362"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-026854"
}
],
"trust": 0.8
}
}
VAR-202301-0962
Vulnerability from variot - Updated: 2025-04-07 23:32A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device.
This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system. Cisco Small Business RV042 Series routers contain an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-0962",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv082",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv016",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"db": "NVD",
"id": "CVE-2023-20025"
}
]
},
"cve": "CVE-2023-20025",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "psirt@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2023-20025",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-20025",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-20025",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@cisco.com",
"id": "CVE-2023-20025",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-20025",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-20025",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-943",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-943"
},
{
"db": "NVD",
"id": "CVE-2023-20025"
},
{
"db": "NVD",
"id": "CVE-2023-20025"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. \r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system. Cisco Small Business RV042 Series routers contain an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20025"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"db": "VULMON",
"id": "CVE-2023-20025"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20025",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002344",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0171",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-943",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-20025",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20025"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-943"
},
{
"db": "NVD",
"id": "CVE-2023-20025"
}
]
},
"id": "VAR-202301-0962",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41167478
},
"last_update_date": "2025-04-07T23:32:23.045000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sbr042-multi-vuln-ej76Pke5",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"
},
{
"title": "Cisco Small Business RV016 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=223494"
},
{
"title": "Cisco: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sbr042-multi-vuln-ej76Pke5"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20025"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-943"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-293",
"trust": 1.0
},
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"db": "NVD",
"id": "CVE-2023-20025"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20025"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0171"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-20025/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20025"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-943"
},
{
"db": "NVD",
"id": "CVE-2023-20025"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-20025"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-943"
},
{
"db": "NVD",
"id": "CVE-2023-20025"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-20025"
},
{
"date": "2023-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"date": "2023-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-943"
},
{
"date": "2023-01-20T07:15:14.490000",
"db": "NVD",
"id": "CVE-2023-20025"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-20025"
},
{
"date": "2023-07-05T07:35:00",
"db": "JVNDB",
"id": "JVNDB-2023-002344"
},
{
"date": "2023-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-943"
},
{
"date": "2025-04-07T13:46:26.707000",
"db": "NVD",
"id": "CVE-2023-20025"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-943"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Small\u00a0Business\u00a0RV042\u00a0 Input Validation Vulnerability in Series Routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-943"
}
],
"trust": 0.6
}
}
VAR-202301-0961
Vulnerability from variot - Updated: 2025-03-13 23:09A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.
This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco Small Business Routers RV042 Series contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-0961",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv016",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv082",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"db": "NVD",
"id": "CVE-2023-20026"
}
]
},
"cve": "CVE-2023-20026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-20026",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-20026",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-20026",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@cisco.com",
"id": "CVE-2023-20026",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-20026",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-20026",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-947",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-947"
},
{
"db": "NVD",
"id": "CVE-2023-20026"
},
{
"db": "NVD",
"id": "CVE-2023-20026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. \r\n\r This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco Small Business Routers RV042 Series contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20026"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"db": "VULMON",
"id": "CVE-2023-20026"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20026",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002358",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0171",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-947",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-20026",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20026"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-947"
},
{
"db": "NVD",
"id": "CVE-2023-20026"
}
]
},
"id": "VAR-202301-0961",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41167478
},
"last_update_date": "2025-03-13T23:09:14.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sbr042-multi-vuln-ej76Pke5",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"
},
{
"title": "Cisco Small Business RV016 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=223495"
},
{
"title": "Cisco: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sbr042-multi-vuln-ej76Pke5"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20026"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-947"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"db": "NVD",
"id": "CVE-2023-20026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20026"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0171"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-20026/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20026"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-947"
},
{
"db": "NVD",
"id": "CVE-2023-20026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-20026"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-947"
},
{
"db": "NVD",
"id": "CVE-2023-20026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-20026"
},
{
"date": "2023-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"date": "2023-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-947"
},
{
"date": "2023-01-20T07:15:14.813000",
"db": "NVD",
"id": "CVE-2023-20026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2023-20026"
},
{
"date": "2023-07-07T02:23:00",
"db": "JVNDB",
"id": "JVNDB-2023-002358"
},
{
"date": "2023-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-947"
},
{
"date": "2025-03-12T17:15:38.390000",
"db": "NVD",
"id": "CVE-2023-20026"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-947"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0Small\u00a0Business\u00a0Routers\u00a0RV042\u00a0 Input validation vulnerability in series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002358"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-947"
}
],
"trust": 0.6
}
}
VAR-202006-1120
Vulnerability from variot - Updated: 2024-11-23 23:01Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1120",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"db": "NVD",
"id": "CVE-2020-3279"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kai Cheng",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1149"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3279",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006859",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-35159",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3279",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3279",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006859",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3279",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3279",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006859",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35159",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1149",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-3279",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"db": "VULMON",
"id": "CVE-2020-3279"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1149"
},
{
"db": "NVD",
"id": "CVE-2020-3279"
},
{
"db": "NVD",
"id": "CVE-2020-3279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. \n\r\n\r\nThere are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program\u0027s failure to properly verify the input submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3279"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"db": "VULMON",
"id": "CVE-2020-3279"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3279",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006859",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-35159",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1149",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-3279",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"db": "VULMON",
"id": "CVE-2020-3279"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1149"
},
{
"db": "NVD",
"id": "CVE-2020-3279"
}
]
},
"id": "VAR-202006-1120",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35159"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35159"
}
]
},
"last_update_date": "2024-11-23T23:01:21.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-Rj5JRfF8",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8"
},
{
"title": "Patch for Multiple Cisco product command injection vulnerabilities (CNVD-2020-35159)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223655"
},
{
"title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123001"
},
{
"title": "Cisco: Cisco Small Business RV Series Routers Command Injection Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-routers-Rj5JRfF8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"db": "VULMON",
"id": "CVE-2020-3279"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1149"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"db": "NVD",
"id": "CVE-2020-3279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-rj5jrff8"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3279"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3279"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/183584"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"db": "VULMON",
"id": "CVE-2020-3279"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1149"
},
{
"db": "NVD",
"id": "CVE-2020-3279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"db": "VULMON",
"id": "CVE-2020-3279"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1149"
},
{
"db": "NVD",
"id": "CVE-2020-3279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"date": "2020-06-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3279"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1149"
},
{
"date": "2020-06-18T03:15:12.637000",
"db": "NVD",
"id": "CVE-2020-3279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35159"
},
{
"date": "2020-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3279"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006859"
},
{
"date": "2020-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1149"
},
{
"date": "2024-11-21T05:30:42.780000",
"db": "NVD",
"id": "CVE-2020-3279"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1149"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV In series routers OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006859"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1149"
}
],
"trust": 0.6
}
}
VAR-202006-1117
Vulnerability from variot - Updated: 2024-11-23 22:47Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"db": "NVD",
"id": "CVE-2020-3276"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kai Cheng",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1156"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3276",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3276",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006865",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-35166",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3276",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3276",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006865",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3276",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3276",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006865",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35166",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1156",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1156"
},
{
"db": "NVD",
"id": "CVE-2020-3276"
},
{
"db": "NVD",
"id": "CVE-2020-3276"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. \n\r\n\r\nThere are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program\u0027s failure to properly verify the input submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3276"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"db": "CNVD",
"id": "CNVD-2020-35166"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3276",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006865",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-35166",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1156",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1156"
},
{
"db": "NVD",
"id": "CVE-2020-3276"
}
]
},
"id": "VAR-202006-1117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35166"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35166"
}
]
},
"last_update_date": "2024-11-23T22:47:58.799000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-Rj5JRfF8",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8"
},
{
"title": "Patch for Multiple Cisco product command injection vulnerabilities (CNVD-2020-35166)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223613"
},
{
"title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123006"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1156"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"db": "NVD",
"id": "CVE-2020-3276"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-rj5jrff8"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3276"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3276"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1156"
},
{
"db": "NVD",
"id": "CVE-2020-3276"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1156"
},
{
"db": "NVD",
"id": "CVE-2020-3276"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35166"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1156"
},
{
"date": "2020-06-18T03:15:12.340000",
"db": "NVD",
"id": "CVE-2020-3276"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35166"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006865"
},
{
"date": "2020-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1156"
},
{
"date": "2024-11-21T05:30:42.420000",
"db": "NVD",
"id": "CVE-2020-3276"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1156"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV In series routers OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1156"
}
],
"trust": 0.6
}
}
VAR-202006-1116
Vulnerability from variot - Updated: 2024-11-23 22:37Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35162"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"db": "NVD",
"id": "CVE-2020-3275"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kai Cheng",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1152"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3275",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006864",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-35162",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3275",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3275",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006864",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3275",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3275",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006864",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35162",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1152",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35162"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1152"
},
{
"db": "NVD",
"id": "CVE-2020-3275"
},
{
"db": "NVD",
"id": "CVE-2020-3275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. \n\r\n\r\nThere are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program\u0027s failure to properly verify the input submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"db": "CNVD",
"id": "CNVD-2020-35162"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3275",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006864",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-35162",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1152",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35162"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1152"
},
{
"db": "NVD",
"id": "CVE-2020-3275"
}
]
},
"id": "VAR-202006-1116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35162"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35162"
}
]
},
"last_update_date": "2024-11-23T22:37:22.181000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-Rj5JRfF8",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8"
},
{
"title": "Patch for Multiple Cisco product command injection vulnerabilities (CNVD-2020-35162)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223631"
},
{
"title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123004"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35162"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"db": "NVD",
"id": "CVE-2020-3275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-rj5jrff8"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3275"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3275"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35162"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1152"
},
{
"db": "NVD",
"id": "CVE-2020-3275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35162"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1152"
},
{
"db": "NVD",
"id": "CVE-2020-3275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35162"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1152"
},
{
"date": "2020-06-18T03:15:12.260000",
"db": "NVD",
"id": "CVE-2020-3275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35162"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006864"
},
{
"date": "2020-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1152"
},
{
"date": "2024-11-21T05:30:42.297000",
"db": "NVD",
"id": "CVE-2020-3275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1152"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV In series routers OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006864"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1152"
}
],
"trust": 0.6
}
}
VAR-202006-1115
Vulnerability from variot - Updated: 2024-11-23 22:25Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"db": "NVD",
"id": "CVE-2020-3274"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kai Cheng",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1153"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3274",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3274",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006863",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-35163",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3274",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3274",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006863",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3274",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3274",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006863",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35163",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1153",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1153"
},
{
"db": "NVD",
"id": "CVE-2020-3274"
},
{
"db": "NVD",
"id": "CVE-2020-3274"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. \n\r\n\r\nThere are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program\u0027s failure to properly verify the input submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3274"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"db": "CNVD",
"id": "CNVD-2020-35163"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3274",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006863",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-35163",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1153",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1153"
},
{
"db": "NVD",
"id": "CVE-2020-3274"
}
]
},
"id": "VAR-202006-1115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35163"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35163"
}
]
},
"last_update_date": "2024-11-23T22:25:25.970000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-Rj5JRfF8",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8"
},
{
"title": "Patch for Multiple Cisco product command injection vulnerabilities (CNVD-2020-35163)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223629"
},
{
"title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123005"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1153"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"db": "NVD",
"id": "CVE-2020-3274"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-rj5jrff8"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3274"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3274"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1153"
},
{
"db": "NVD",
"id": "CVE-2020-3274"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35163"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1153"
},
{
"db": "NVD",
"id": "CVE-2020-3274"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35163"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1153"
},
{
"date": "2020-06-18T03:15:12.167000",
"db": "NVD",
"id": "CVE-2020-3274"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35163"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006863"
},
{
"date": "2020-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1153"
},
{
"date": "2024-11-21T05:30:42.173000",
"db": "NVD",
"id": "CVE-2020-3274"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1153"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV In series routers OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006863"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1153"
}
],
"trust": 0.6
}
}
VAR-202006-1118
Vulnerability from variot - Updated: 2024-11-23 22:16Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"db": "NVD",
"id": "CVE-2020-3277"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kai Cheng",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1151"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3277",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3277",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006866",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-35161",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3277",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3277",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006866",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3277",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3277",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006866",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35161",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1151",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1151"
},
{
"db": "NVD",
"id": "CVE-2020-3277"
},
{
"db": "NVD",
"id": "CVE-2020-3277"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. \n\r\n\r\nThere are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program\u0027s failure to properly verify the input submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3277"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"db": "CNVD",
"id": "CNVD-2020-35161"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3277",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006866",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-35161",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1151",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1151"
},
{
"db": "NVD",
"id": "CVE-2020-3277"
}
]
},
"id": "VAR-202006-1118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35161"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35161"
}
]
},
"last_update_date": "2024-11-23T22:16:27.139000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-Rj5JRfF8",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8"
},
{
"title": "Patch for Multiple Cisco product command injection vulnerabilities (CNVD-2020-35161)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223633"
},
{
"title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123003"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1151"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"db": "NVD",
"id": "CVE-2020-3277"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-rj5jrff8"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3277"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3277"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1151"
},
{
"db": "NVD",
"id": "CVE-2020-3277"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1151"
},
{
"db": "NVD",
"id": "CVE-2020-3277"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35161"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1151"
},
{
"date": "2020-06-18T03:15:12.417000",
"db": "NVD",
"id": "CVE-2020-3277"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35161"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006866"
},
{
"date": "2020-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1151"
},
{
"date": "2024-11-21T05:30:42.540000",
"db": "NVD",
"id": "CVE-2020-3277"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1151"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV In series routers OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006866"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1151"
}
],
"trust": 0.6
}
}
VAR-202006-1119
Vulnerability from variot - Updated: 2024-11-23 21:59Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1119",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35160"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"db": "NVD",
"id": "CVE-2020-3278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kai Cheng",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1150"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006867",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-35160",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006867",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006867",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35160",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1150",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35160"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1150"
},
{
"db": "NVD",
"id": "CVE-2020-3278"
},
{
"db": "NVD",
"id": "CVE-2020-3278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. \n\r\n\r\nThere are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program\u0027s failure to properly verify the input submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3278"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"db": "CNVD",
"id": "CNVD-2020-35160"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3278",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006867",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-35160",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1150",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35160"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1150"
},
{
"db": "NVD",
"id": "CVE-2020-3278"
}
]
},
"id": "VAR-202006-1119",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35160"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35160"
}
]
},
"last_update_date": "2024-11-23T21:59:11.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-Rj5JRfF8",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8"
},
{
"title": "Patch for Multiple Cisco product command injection vulnerabilities (CNVD-2020-35160)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223651"
},
{
"title": "Multiple Cisco Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35160"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1150"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"db": "NVD",
"id": "CVE-2020-3278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-rj5jrff8"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3278"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3278"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35160"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1150"
},
{
"db": "NVD",
"id": "CVE-2020-3278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35160"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1150"
},
{
"db": "NVD",
"id": "CVE-2020-3278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35160"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1150"
},
{
"date": "2020-06-18T03:15:12.497000",
"db": "NVD",
"id": "CVE-2020-3278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35160"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006867"
},
{
"date": "2020-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1150"
},
{
"date": "2024-11-21T05:30:42.657000",
"db": "NVD",
"id": "CVE-2020-3278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1150"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV In series routers OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006867"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1150"
}
],
"trust": 0.6
}
}
VAR-202006-1122
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1122",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36259"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"db": "NVD",
"id": "CVE-2020-3286"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
}
]
},
"cve": "CVE-2020-3286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3286",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006860",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-36259",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3286",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3286",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006860",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3286",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3286",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006860",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-36259",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1165",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36259"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1165"
},
{
"db": "NVD",
"id": "CVE-2020-3286"
},
{
"db": "NVD",
"id": "CVE-2020-3286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"db": "CNVD",
"id": "CNVD-2020-36259"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3286",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006860",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-36259",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1165",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36259"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1165"
},
{
"db": "NVD",
"id": "CVE-2020-3286"
}
]
},
"id": "VAR-202006-1122",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36259"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36259"
}
]
},
"last_update_date": "2024-11-23T21:35:43.850000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Cisco product buffer overflow vulnerabilities (CNVD-2020-36259)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/224607"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121858"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36259"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"db": "NVD",
"id": "CVE-2020-3286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3286"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3286"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36259"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1165"
},
{
"db": "NVD",
"id": "CVE-2020-3286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-36259"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1165"
},
{
"db": "NVD",
"id": "CVE-2020-3286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36259"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1165"
},
{
"date": "2020-06-18T03:15:12.730000",
"db": "NVD",
"id": "CVE-2020-3286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36259"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006860"
},
{
"date": "2021-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1165"
},
{
"date": "2024-11-21T05:30:43.687000",
"db": "NVD",
"id": "CVE-2020-3286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1165"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006860"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1165"
}
],
"trust": 0.6
}
}
VAR-202006-1127
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"db": "NVD",
"id": "CVE-2020-3291"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
}
]
},
"cve": "CVE-2020-3291",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3291",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006855",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34327",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3291",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3291",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006855",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3291",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3291",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006855",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-34327",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1161",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1161"
},
{
"db": "NVD",
"id": "CVE-2020-3291"
},
{
"db": "NVD",
"id": "CVE-2020-3291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3291"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"db": "CNVD",
"id": "CNVD-2020-34327"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3291",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006855",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-34327",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1161",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1161"
},
{
"db": "NVD",
"id": "CVE-2020-3291"
}
]
},
"id": "VAR-202006-1127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34327"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34327"
}
]
},
"last_update_date": "2024-11-23T21:35:43.824000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Buffer Overflow Vulnerabilities in Cisco Products (CNVD-2020-34327)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222917"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121854"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1161"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"db": "NVD",
"id": "CVE-2020-3291"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3291"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3291"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1161"
},
{
"db": "NVD",
"id": "CVE-2020-3291"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-34327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1161"
},
{
"db": "NVD",
"id": "CVE-2020-3291"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34327"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1161"
},
{
"date": "2020-06-18T03:15:13.167000",
"db": "NVD",
"id": "CVE-2020-3291"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34327"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006855"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1161"
},
{
"date": "2024-11-21T05:30:44.317000",
"db": "NVD",
"id": "CVE-2020-3291"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1161"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006855"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1161"
}
],
"trust": 0.6
}
}
VAR-202006-1131
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1131",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36257"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"db": "NVD",
"id": "CVE-2020-3295"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
}
]
},
"cve": "CVE-2020-3295",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3295",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006849",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-36257",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3295",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3295",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006849",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3295",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3295",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006849",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-36257",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1163",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36257"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1163"
},
{
"db": "NVD",
"id": "CVE-2020-3295"
},
{
"db": "NVD",
"id": "CVE-2020-3295"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3295"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"db": "CNVD",
"id": "CNVD-2020-36257"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3295",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006849",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-36257",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1163",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36257"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1163"
},
{
"db": "NVD",
"id": "CVE-2020-3295"
}
]
},
"id": "VAR-202006-1131",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36257"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36257"
}
]
},
"last_update_date": "2024-11-23T21:35:43.797000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Buffer Overflow Vulnerabilities in Cisco Products (CNVD-2020-36257)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/224611"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121856"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36257"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1163"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"db": "NVD",
"id": "CVE-2020-3295"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3295"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3295"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36257"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1163"
},
{
"db": "NVD",
"id": "CVE-2020-3295"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-36257"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1163"
},
{
"db": "NVD",
"id": "CVE-2020-3295"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36257"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1163"
},
{
"date": "2020-06-18T03:15:13.497000",
"db": "NVD",
"id": "CVE-2020-3295"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36257"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006849"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1163"
},
{
"date": "2024-11-21T05:30:45.183000",
"db": "NVD",
"id": "CVE-2020-3295"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1163"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006849"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1163"
}
],
"trust": 0.6
}
}
VAR-202006-1132
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1132",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"db": "NVD",
"id": "CVE-2020-3296"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
}
]
},
"cve": "CVE-2020-3296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3296",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006850",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-35165",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3296",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3296",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006850",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3296",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3296",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006850",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-35165",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1155",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-3296",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"db": "VULMON",
"id": "CVE-2020-3296"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1155"
},
{
"db": "NVD",
"id": "CVE-2020-3296"
},
{
"db": "NVD",
"id": "CVE-2020-3296"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3296"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"db": "VULMON",
"id": "CVE-2020-3296"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3296",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006850",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-35165",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1155",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-3296",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"db": "VULMON",
"id": "CVE-2020-3296"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1155"
},
{
"db": "NVD",
"id": "CVE-2020-3296"
}
]
},
"id": "VAR-202006-1132",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35165"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35165"
}
]
},
"last_update_date": "2024-11-23T21:35:43.768000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Buffer Overflow Vulnerabilities in Cisco Products (CNVD-2020-35165)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223617"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121848"
},
{
"title": "Cisco: Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-routers-stack-vUxHmnNz"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"db": "VULMON",
"id": "CVE-2020-3296"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1155"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"db": "NVD",
"id": "CVE-2020-3296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3296"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3296"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"db": "VULMON",
"id": "CVE-2020-3296"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1155"
},
{
"db": "NVD",
"id": "CVE-2020-3296"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"db": "VULMON",
"id": "CVE-2020-3296"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1155"
},
{
"db": "NVD",
"id": "CVE-2020-3296"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"date": "2020-06-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3296"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1155"
},
{
"date": "2020-06-18T03:15:13.573000",
"db": "NVD",
"id": "CVE-2020-3296"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-35165"
},
{
"date": "2021-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3296"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006850"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1155"
},
{
"date": "2024-11-21T05:30:45.303000",
"db": "NVD",
"id": "CVE-2020-3296"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1155"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006850"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1155"
}
],
"trust": 0.6
}
}
VAR-202006-1126
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34328"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"db": "NVD",
"id": "CVE-2020-3290"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
}
]
},
"cve": "CVE-2020-3290",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3290",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006854",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34328",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3290",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3290",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006854",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3290",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3290",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006854",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-34328",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1162",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34328"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1162"
},
{
"db": "NVD",
"id": "CVE-2020-3290"
},
{
"db": "NVD",
"id": "CVE-2020-3290"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3290"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"db": "CNVD",
"id": "CNVD-2020-34328"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3290",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006854",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-34328",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1162",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34328"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1162"
},
{
"db": "NVD",
"id": "CVE-2020-3290"
}
]
},
"id": "VAR-202006-1126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34328"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34328"
}
]
},
"last_update_date": "2024-11-23T21:35:43.741000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Cisco product buffer overflow vulnerabilities (CNVD-2020-34328)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222913"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121855"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34328"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1162"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"db": "NVD",
"id": "CVE-2020-3290"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3290"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3290"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34328"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1162"
},
{
"db": "NVD",
"id": "CVE-2020-3290"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-34328"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1162"
},
{
"db": "NVD",
"id": "CVE-2020-3290"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34328"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1162"
},
{
"date": "2020-06-18T03:15:13.073000",
"db": "NVD",
"id": "CVE-2020-3290"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34328"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006854"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1162"
},
{
"date": "2024-11-21T05:30:44.200000",
"db": "NVD",
"id": "CVE-2020-3290"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1162"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1162"
}
],
"trust": 0.6
}
}
VAR-202006-1125
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
},
{
"db": "NVD",
"id": "CVE-2020-3289"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
}
]
},
"cve": "CVE-2020-3289",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3289",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006853",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3289",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3289",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006853",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3289",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3289",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006853",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1169",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1169"
},
{
"db": "NVD",
"id": "CVE-2020-3289"
},
{
"db": "NVD",
"id": "CVE-2020-3289"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3289"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3289",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006853",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1169",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1169"
},
{
"db": "NVD",
"id": "CVE-2020-3289"
}
]
},
"id": "VAR-202006-1125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.51422708
},
"last_update_date": "2024-11-23T21:35:43.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
},
{
"db": "NVD",
"id": "CVE-2020-3289"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3289"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3289"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1169"
},
{
"db": "NVD",
"id": "CVE-2020-3289"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1169"
},
{
"db": "NVD",
"id": "CVE-2020-3289"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006853"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1169"
},
{
"date": "2020-06-18T03:15:12.997000",
"db": "NVD",
"id": "CVE-2020-3289"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006853"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1169"
},
{
"date": "2024-11-21T05:30:44.080000",
"db": "NVD",
"id": "CVE-2020-3289"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1169"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006853"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1169"
}
],
"trust": 0.6
}
}
VAR-202006-1129
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34325"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"db": "NVD",
"id": "CVE-2020-3293"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
}
]
},
"cve": "CVE-2020-3293",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3293",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006857",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34325",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3293",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3293",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006857",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3293",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3293",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006857",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-34325",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1159",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34325"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1159"
},
{
"db": "NVD",
"id": "CVE-2020-3293"
},
{
"db": "NVD",
"id": "CVE-2020-3293"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3293"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"db": "CNVD",
"id": "CNVD-2020-34325"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3293",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006857",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-34325",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1159",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34325"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1159"
},
{
"db": "NVD",
"id": "CVE-2020-3293"
}
]
},
"id": "VAR-202006-1129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34325"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34325"
}
]
},
"last_update_date": "2024-11-23T21:35:43.694000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Cisco product buffer overflow vulnerabilities (CNVD-2020-34325)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222921"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121852"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34325"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1159"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"db": "NVD",
"id": "CVE-2020-3293"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3293"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3293"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34325"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1159"
},
{
"db": "NVD",
"id": "CVE-2020-3293"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-34325"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1159"
},
{
"db": "NVD",
"id": "CVE-2020-3293"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34325"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1159"
},
{
"date": "2020-06-18T03:15:13.323000",
"db": "NVD",
"id": "CVE-2020-3293"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34325"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006857"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1159"
},
{
"date": "2024-11-21T05:30:44.930000",
"db": "NVD",
"id": "CVE-2020-3293"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1159"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006857"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1159"
}
],
"trust": 0.6
}
}
VAR-202006-1124
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36260"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"db": "NVD",
"id": "CVE-2020-3288"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
}
]
},
"cve": "CVE-2020-3288",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3288",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006862",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-36260",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3288",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3288",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006862",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3288",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3288",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006862",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-36260",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1168",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36260"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1168"
},
{
"db": "NVD",
"id": "CVE-2020-3288"
},
{
"db": "NVD",
"id": "CVE-2020-3288"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3288"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"db": "CNVD",
"id": "CNVD-2020-36260"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3288",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006862",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-36260",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1168",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36260"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1168"
},
{
"db": "NVD",
"id": "CVE-2020-3288"
}
]
},
"id": "VAR-202006-1124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36260"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36260"
}
]
},
"last_update_date": "2024-11-23T21:35:43.668000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Cisco product buffer overflow vulnerabilities (CNVD-2020-36260)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/224605"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121861"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36260"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"db": "NVD",
"id": "CVE-2020-3288"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3288"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3288"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36260"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1168"
},
{
"db": "NVD",
"id": "CVE-2020-3288"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-36260"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1168"
},
{
"db": "NVD",
"id": "CVE-2020-3288"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36260"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1168"
},
{
"date": "2020-06-18T03:15:12.900000",
"db": "NVD",
"id": "CVE-2020-3288"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36260"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006862"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1168"
},
{
"date": "2024-11-21T05:30:43.960000",
"db": "NVD",
"id": "CVE-2020-3288"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006862"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1168"
}
],
"trust": 0.6
}
}
VAR-202006-1123
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"db": "NVD",
"id": "CVE-2020-3287"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
}
]
},
"cve": "CVE-2020-3287",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3287",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006861",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-36258",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3287",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3287",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006861",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3287",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3287",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006861",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-36258",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1164",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-3287",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"db": "VULMON",
"id": "CVE-2020-3287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1164"
},
{
"db": "NVD",
"id": "CVE-2020-3287"
},
{
"db": "NVD",
"id": "CVE-2020-3287"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"db": "VULMON",
"id": "CVE-2020-3287"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3287",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006861",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-36258",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1164",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-3287",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"db": "VULMON",
"id": "CVE-2020-3287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1164"
},
{
"db": "NVD",
"id": "CVE-2020-3287"
}
]
},
"id": "VAR-202006-1123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36258"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36258"
}
]
},
"last_update_date": "2024-11-23T21:35:43.585000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Buffer Overflow Vulnerabilities in Cisco Products (CNVD-2020-36258)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/224609"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121857"
},
{
"title": "Cisco: Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-routers-stack-vUxHmnNz"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"db": "VULMON",
"id": "CVE-2020-3287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1164"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"db": "NVD",
"id": "CVE-2020-3287"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3287"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3287"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"db": "VULMON",
"id": "CVE-2020-3287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1164"
},
{
"db": "NVD",
"id": "CVE-2020-3287"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"db": "VULMON",
"id": "CVE-2020-3287"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1164"
},
{
"db": "NVD",
"id": "CVE-2020-3287"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"date": "2020-06-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3287"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1164"
},
{
"date": "2020-06-18T03:15:12.823000",
"db": "NVD",
"id": "CVE-2020-3287"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36258"
},
{
"date": "2021-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3287"
},
{
"date": "2020-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006861"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1164"
},
{
"date": "2024-11-21T05:30:43.827000",
"db": "NVD",
"id": "CVE-2020-3287"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1164"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006861"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1164"
}
],
"trust": 0.6
}
}
VAR-202006-1130
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34324"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"db": "NVD",
"id": "CVE-2020-3294"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
}
]
},
"cve": "CVE-2020-3294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3294",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006858",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34324",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3294",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3294",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006858",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3294",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3294",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006858",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-34324",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1158",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34324"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1158"
},
{
"db": "NVD",
"id": "CVE-2020-3294"
},
{
"db": "NVD",
"id": "CVE-2020-3294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3294"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"db": "CNVD",
"id": "CNVD-2020-34324"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3294",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006858",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-34324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1158",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34324"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1158"
},
{
"db": "NVD",
"id": "CVE-2020-3294"
}
]
},
"id": "VAR-202006-1130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34324"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34324"
}
]
},
"last_update_date": "2024-11-23T21:35:43.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Buffer Overflow Vulnerabilities in Cisco Products (CNVD-2020-34324)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222923"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121851"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34324"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1158"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"db": "NVD",
"id": "CVE-2020-3294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3294"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3294"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34324"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1158"
},
{
"db": "NVD",
"id": "CVE-2020-3294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-34324"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1158"
},
{
"db": "NVD",
"id": "CVE-2020-3294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34324"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1158"
},
{
"date": "2020-06-18T03:15:13.417000",
"db": "NVD",
"id": "CVE-2020-3294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34324"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006858"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1158"
},
{
"date": "2024-11-21T05:30:45.057000",
"db": "NVD",
"id": "CVE-2020-3294"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1158"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006858"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1158"
}
],
"trust": 0.6
}
}
VAR-202006-1128
Vulnerability from variot - Updated: 2024-11-23 21:35Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv082",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv016",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv016 multi-wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv082 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv016 multi-wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv082 dual wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=4.2.3.10"
},
{
"model": "rv320 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
},
{
"model": "rv325 dual gigabit wan vpn",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=1.5.1.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34326"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"db": "NVD",
"id": "CVE-2020-3292"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:rv320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv325_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv016_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv042g_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:rv082_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
}
]
},
"cve": "CVE-2020-3292",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-3292",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006856",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34326",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3292",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2020-3292",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006856",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3292",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3292",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006856",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-34326",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1160",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34326"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1160"
},
{
"db": "NVD",
"id": "CVE-2020-3292"
},
{
"db": "NVD",
"id": "CVE-2020-3292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program\u0027s failure to properly limit the user\u0027s input boundary",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3292"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"db": "CNVD",
"id": "CNVD-2020-34326"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3292",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006856",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-34326",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2119.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1160",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34326"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1160"
},
{
"db": "NVD",
"id": "CVE-2020-3292"
}
]
},
"id": "VAR-202006-1128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34326"
}
],
"trust": 1.1951892333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34326"
}
]
},
"last_update_date": "2024-11-23T21:35:43.532000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-rv-routers-stack-vUxHmnNz",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz"
},
{
"title": "Patch for Multiple Buffer Overflow Vulnerabilities in Cisco Products (CNVD-2020-34326)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/222919"
},
{
"title": "Multiple Cisco Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121853"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34326"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1160"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"db": "NVD",
"id": "CVE-2020-3292"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-stack-vuxhmnnz"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3292"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3292"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2119.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34326"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1160"
},
{
"db": "NVD",
"id": "CVE-2020-3292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-34326"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1160"
},
{
"db": "NVD",
"id": "CVE-2020-3292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34326"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1160"
},
{
"date": "2020-06-18T03:15:13.247000",
"db": "NVD",
"id": "CVE-2020-3292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34326"
},
{
"date": "2020-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006856"
},
{
"date": "2021-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1160"
},
{
"date": "2024-11-21T05:30:44.440000",
"db": "NVD",
"id": "CVE-2020-3292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business RV Buffer error vulnerability in series routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006856"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1160"
}
],
"trust": 0.6
}
}
VAR-202410-0270
Vulnerability from variot - Updated: 2024-11-20 22:56A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business Routers is a router device of Cisco
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "small business rv042",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv042g",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv320",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv325",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45301"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"db": "NVD",
"id": "CVE-2024-20519"
}
]
},
"cve": "CVE-2024-20519",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2024-45301",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20519",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2024-20519",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-20519",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20519",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20519",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20519",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-45301",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45301"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"db": "NVD",
"id": "CVE-2024-20519"
},
{
"db": "NVD",
"id": "CVE-2024-20519"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business Routers is a router device of Cisco",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20519"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"db": "CNVD",
"id": "CNVD-2024-45301"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20519",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010013",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-45301",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45301"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"db": "NVD",
"id": "CVE-2024-20519"
}
]
},
"id": "VAR-202410-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45301"
}
],
"trust": 1.3345340499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45301"
}
]
},
"last_update_date": "2024-11-20T22:56:38.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
},
{
"title": "Patch for Cisco Small Business WEB Interface Remote Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/618111"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45301"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"db": "NVD",
"id": "CVE-2024-20519"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20519"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45301"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"db": "NVD",
"id": "CVE-2024-20519"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-45301"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"db": "NVD",
"id": "CVE-2024-20519"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-45301"
},
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"date": "2024-10-02T17:15:18.837000",
"db": "NVD",
"id": "CVE-2024-20519"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-45301"
},
{
"date": "2024-10-09T02:10:00",
"db": "JVNDB",
"id": "JVNDB-2024-010013"
},
{
"date": "2024-10-08T13:50:35.507000",
"db": "NVD",
"id": "CVE-2024-20519"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010013"
}
],
"trust": 0.8
}
}
VAR-202410-0311
Vulnerability from variot - Updated: 2024-11-20 22:54A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business Routers is a router device of Cisco
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "small business rv042",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv042g",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv320",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business rv325",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45302"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"db": "NVD",
"id": "CVE-2024-20518"
}
]
},
"cve": "CVE-2024-20518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2024-45302",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20518",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2024-20518",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-20518",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20518",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20518",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20518",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-45302",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45302"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"db": "NVD",
"id": "CVE-2024-20518"
},
{
"db": "NVD",
"id": "CVE-2024-20518"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco Small Business Routers is a router device of Cisco",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20518"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"db": "CNVD",
"id": "CNVD-2024-45302"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20518",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010004",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-45302",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45302"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"db": "NVD",
"id": "CVE-2024-20518"
}
]
},
"id": "VAR-202410-0311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45302"
}
],
"trust": 1.3345340499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45302"
}
]
},
"last_update_date": "2024-11-20T22:54:27.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
},
{
"title": "Patch for Cisco Small Business WEB Interface Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/618106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45302"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"db": "NVD",
"id": "CVE-2024-20518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20518"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-45302"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"db": "NVD",
"id": "CVE-2024-20518"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-45302"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"db": "NVD",
"id": "CVE-2024-20518"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-45302"
},
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"date": "2024-10-02T17:15:18.637000",
"db": "NVD",
"id": "CVE-2024-20518"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-45302"
},
{
"date": "2024-10-09T01:59:00",
"db": "JVNDB",
"id": "JVNDB-2024-010004"
},
{
"date": "2024-10-08T13:50:14.730000",
"db": "NVD",
"id": "CVE-2024-20518"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010004"
}
],
"trust": 0.8
}
}
VAR-202410-0324
Vulnerability from variot - Updated: 2024-10-13 23:20A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
},
{
"db": "NVD",
"id": "CVE-2024-20517"
}
]
},
"cve": "CVE-2024-20517",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20517",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-20517",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20517",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20517",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20517",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
},
{
"db": "NVD",
"id": "CVE-2024-20517"
},
{
"db": "NVD",
"id": "CVE-2024-20517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20517"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20517",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010024",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
},
{
"db": "NVD",
"id": "CVE-2024-20517"
}
]
},
"id": "VAR-202410-0324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4690681
},
"last_update_date": "2024-10-13T23:20:15.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
},
{
"db": "NVD",
"id": "CVE-2024-20517"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20517"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
},
{
"db": "NVD",
"id": "CVE-2024-20517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
},
{
"db": "NVD",
"id": "CVE-2024-20517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010024"
},
{
"date": "2024-10-02T17:15:18.417000",
"db": "NVD",
"id": "CVE-2024-20517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T02:48:00",
"db": "JVNDB",
"id": "JVNDB-2024-010024"
},
{
"date": "2024-10-08T13:47:52.483000",
"db": "NVD",
"id": "CVE-2024-20517"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010024"
}
],
"trust": 0.8
}
}
VAR-202410-0215
Vulnerability from variot - Updated: 2024-10-12 19:25A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
},
{
"db": "NVD",
"id": "CVE-2024-20523"
}
]
},
"cve": "CVE-2024-20523",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20523",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-20523",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20523",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20523",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20523",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
},
{
"db": "NVD",
"id": "CVE-2024-20523"
},
{
"db": "NVD",
"id": "CVE-2024-20523"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20523"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20523",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010121",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
},
{
"db": "NVD",
"id": "CVE-2024-20523"
}
]
},
"id": "VAR-202410-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4690681
},
"last_update_date": "2024-10-12T19:25:13.560000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
},
{
"db": "NVD",
"id": "CVE-2024-20523"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20523"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
},
{
"db": "NVD",
"id": "CVE-2024-20523"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
},
{
"db": "NVD",
"id": "CVE-2024-20523"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010121"
},
{
"date": "2024-10-02T17:15:19.707000",
"db": "NVD",
"id": "CVE-2024-20523"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-10T04:58:00",
"db": "JVNDB",
"id": "JVNDB-2024-010121"
},
{
"date": "2024-10-08T13:48:29.500000",
"db": "NVD",
"id": "CVE-2024-20523"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010121"
}
],
"trust": 0.8
}
}
VAR-202410-0203
Vulnerability from variot - Updated: 2024-10-11 23:05A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0203",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
},
{
"db": "NVD",
"id": "CVE-2024-20522"
}
]
},
"cve": "CVE-2024-20522",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20522",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2024-20522",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-20522",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20522",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20522",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20522",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
},
{
"db": "NVD",
"id": "CVE-2024-20522"
},
{
"db": "NVD",
"id": "CVE-2024-20522"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20522"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20522",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010025",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
},
{
"db": "NVD",
"id": "CVE-2024-20522"
}
]
},
"id": "VAR-202410-0203",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4690681
},
"last_update_date": "2024-10-11T23:05:41.024000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
},
{
"db": "NVD",
"id": "CVE-2024-20522"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20522"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
},
{
"db": "NVD",
"id": "CVE-2024-20522"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
},
{
"db": "NVD",
"id": "CVE-2024-20522"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010025"
},
{
"date": "2024-10-02T17:15:19.490000",
"db": "NVD",
"id": "CVE-2024-20522"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T02:54:00",
"db": "JVNDB",
"id": "JVNDB-2024-010025"
},
{
"date": "2024-10-08T13:48:19.060000",
"db": "NVD",
"id": "CVE-2024-20522"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010025"
}
],
"trust": 0.8
}
}
VAR-202410-0195
Vulnerability from variot - Updated: 2024-10-11 23:04A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0195",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
},
{
"db": "NVD",
"id": "CVE-2024-20524"
}
]
},
"cve": "CVE-2024-20524",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20524",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-20524",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20524",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20524",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20524",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
},
{
"db": "NVD",
"id": "CVE-2024-20524"
},
{
"db": "NVD",
"id": "CVE-2024-20524"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20524"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20524",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010002",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
},
{
"db": "NVD",
"id": "CVE-2024-20524"
}
]
},
"id": "VAR-202410-0195",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4690681
},
"last_update_date": "2024-10-11T23:04:43.852000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
},
{
"db": "NVD",
"id": "CVE-2024-20524"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20524"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
},
{
"db": "NVD",
"id": "CVE-2024-20524"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
},
{
"db": "NVD",
"id": "CVE-2024-20524"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010002"
},
{
"date": "2024-10-02T17:15:19.930000",
"db": "NVD",
"id": "CVE-2024-20524"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T01:23:00",
"db": "JVNDB",
"id": "JVNDB-2024-010002"
},
{
"date": "2024-10-08T13:48:58.273000",
"db": "NVD",
"id": "CVE-2024-20524"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010002"
}
],
"trust": 0.8
}
}
VAR-202410-0205
Vulnerability from variot - Updated: 2024-10-11 22:55A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
},
{
"db": "NVD",
"id": "CVE-2024-20516"
}
]
},
"cve": "CVE-2024-20516",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20516",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-20516",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20516",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20516",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20516",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
},
{
"db": "NVD",
"id": "CVE-2024-20516"
},
{
"db": "NVD",
"id": "CVE-2024-20516"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20516"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20516",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010009",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
},
{
"db": "NVD",
"id": "CVE-2024-20516"
}
]
},
"id": "VAR-202410-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4690681
},
"last_update_date": "2024-10-11T22:55:11.241000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
},
{
"db": "NVD",
"id": "CVE-2024-20516"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20516"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
},
{
"db": "NVD",
"id": "CVE-2024-20516"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
},
{
"db": "NVD",
"id": "CVE-2024-20516"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010009"
},
{
"date": "2024-10-02T17:15:18.200000",
"db": "NVD",
"id": "CVE-2024-20516"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T02:04:00",
"db": "JVNDB",
"id": "JVNDB-2024-010009"
},
{
"date": "2024-10-08T13:44:10.840000",
"db": "NVD",
"id": "CVE-2024-20516"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010009"
}
],
"trust": 0.8
}
}
VAR-202410-0194
Vulnerability from variot - Updated: 2024-10-11 22:53A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
},
{
"db": "NVD",
"id": "CVE-2024-20521"
}
]
},
"cve": "CVE-2024-20521",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20521",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2024-20521",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-20521",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20521",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20521",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20521",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
},
{
"db": "NVD",
"id": "CVE-2024-20521"
},
{
"db": "NVD",
"id": "CVE-2024-20521"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20521"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20521",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-010012",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
},
{
"db": "NVD",
"id": "CVE-2024-20521"
}
]
},
"id": "VAR-202410-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4690681
},
"last_update_date": "2024-10-11T22:53:44.815000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
},
{
"db": "NVD",
"id": "CVE-2024-20521"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20521"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
},
{
"db": "NVD",
"id": "CVE-2024-20521"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
},
{
"db": "NVD",
"id": "CVE-2024-20521"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-010012"
},
{
"date": "2024-10-02T17:15:19.280000",
"db": "NVD",
"id": "CVE-2024-20521"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T02:10:00",
"db": "JVNDB",
"id": "JVNDB-2024-010012"
},
{
"date": "2024-10-08T13:50:57.163000",
"db": "NVD",
"id": "CVE-2024-20521"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-010012"
}
],
"trust": 0.8
}
}
VAR-202410-0164
Vulnerability from variot - Updated: 2024-10-10 23:25A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202410-0164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.2.08-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.19"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.10"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.11"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.12"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.20"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.19-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.1.02"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.13"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.2.02"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.1.01"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.2.08"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.13"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.08"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.19-tm"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.0.02-tm"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.1-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.07"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.3.03-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.15"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5.1.05"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.4.02-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.17"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.1.19"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.06"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.2.01-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.1.14"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0.0.7"
},
{
"model": "rv320",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.12.6-tm"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2.22"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rv325",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.14"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.2.03"
},
{
"model": "rv042",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.2.3.03"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.17"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.0.09"
},
{
"model": "rv042g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.13.02-tm"
},
{
"model": "rv042g dual gigabit wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "rv042 dual wan vpn",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
},
{
"db": "NVD",
"id": "CVE-2024-20520"
}
]
},
"cve": "CVE-2024-20520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2024-20520",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2024-20520",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-20520",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-20520",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2024-20520",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-20520",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
},
{
"db": "NVD",
"id": "CVE-2024-20520"
},
{
"db": "NVD",
"id": "CVE-2024-20520"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. \r\n\u0026nbsp;\r\nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-20520"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-20520",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-009991",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
},
{
"db": "NVD",
"id": "CVE-2024-20520"
}
]
},
"id": "VAR-202410-0164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4690681
},
"last_update_date": "2024-10-10T23:25:14.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
},
{
"db": "NVD",
"id": "CVE-2024-20520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-20520"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
},
{
"db": "NVD",
"id": "CVE-2024-20520"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
},
{
"db": "NVD",
"id": "CVE-2024-20520"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-009991"
},
{
"date": "2024-10-02T17:15:19.050000",
"db": "NVD",
"id": "CVE-2024-20520"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-09T01:20:00",
"db": "JVNDB",
"id": "JVNDB-2024-009991"
},
{
"date": "2024-10-08T13:50:48.337000",
"db": "NVD",
"id": "CVE-2024-20520"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-009991"
}
],
"trust": 0.8
}
}