What is CVE-2022-20704?

CVE-2022-20704 is a vulnerability that allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers.

How can this vulnerability be exploited?

An administrator must perform a firmware update on the device for this vulnerability to be exploited.

What is the severity of CVE-2022-20704?

CVE-2022-20704 has a severity value of 7.1, which is considered critical.

Which software versions are affected by CVE-2022-20704?

Cisco RV340 Firmware versions up to and including 1.0.03.24 are affected by CVE-2022-20704.

How can I fix CVE-2022-20704?

To fix CVE-2022-20704, users should update their Cisco RV340 routers to a version higher than 1.0.03.24.

Vulnerability/
CVE-2022-20704

critical

CWE

787 121

10/2/2022

24/7/2024

6/11/2024

CVE-2022-20704: (Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability

First published: Thu Feb 10 2022(Updated: )

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco RV340
Cisco Rv340 Firmware	<=1.0.03.24
Cisco RV340
Cisco Rv340w Firmware	<=1.0.03.24
Cisco Rv340w
Cisco Rv345 Firmware	<=1.0.03.24
Cisco Rv345
Cisco Rv345p Firmware	<=1.0.03.24
Cisco Rv345p
Cisco Rv160 Firmware	<=1.0.01.05
Cisco Rv160
Cisco Rv160w Firmware	<=1.0.01.05
Cisco Rv160w
Cisco Rv260 Firmware	<=1.0.01.05
Cisco Rv260
Cisco Rv260p Firmware	<=1.0.01.05
Cisco Rv260p
Cisco Rv260w Firmware	<=1.0.01.05
Cisco Rv260w

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-20704?
CVE-2022-20704 is a vulnerability that allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers.
How can this vulnerability be exploited?
An administrator must perform a firmware update on the device for this vulnerability to be exploited.
What is the severity of CVE-2022-20704?
CVE-2022-20704 has a severity value of 7.1, which is considered critical.
Which software versions are affected by CVE-2022-20704?
Cisco RV340 Firmware versions up to and including 1.0.03.24 are affected by CVE-2022-20704.
How can I fix CVE-2022-20704?
To fix CVE-2022-20704, users should update their Cisco RV340 routers to a version higher than 1.0.03.24.

collector/nvd-index
agent/weakness
agent/references
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/zdi-advisory
source/ZDI
alias/ZDI-22-413
alias/ZDI-CAN-15810
alias/CVE-2022-20703
alias/CVE-2022-20704
agent/software-canonical-lookup
agent/title
agent/author
agent/severity
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/cisco
canonical/cisco rv340 firmware
version/cisco rv340 firmware/1.0.03.24
canonical/cisco rv340
canonical/cisco rv340w firmware
version/cisco rv340w firmware/1.0.03.24
canonical/cisco rv340w
canonical/cisco rv345 firmware
version/cisco rv345 firmware/1.0.03.24
canonical/cisco rv345
canonical/cisco rv345p firmware
version/cisco rv345p firmware/1.0.03.24
canonical/cisco rv345p
canonical/cisco rv160 firmware
version/cisco rv160 firmware/1.0.01.05
canonical/cisco rv160
canonical/cisco rv160w firmware
version/cisco rv160w firmware/1.0.01.05
canonical/cisco rv160w
canonical/cisco rv260 firmware
version/cisco rv260 firmware/1.0.01.05
canonical/cisco rv260
canonical/cisco rv260p firmware
version/cisco rv260p firmware/1.0.01.05
canonical/cisco rv260p
canonical/cisco rv260w firmware
version/cisco rv260w firmware/1.0.01.05
canonical/cisco rv260w