First published: Thu Jan 19 2023(Updated: )
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system.
Credit: ykramarz@cisco.com psirt@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco RV016 Multi-WAN VPN Firmware | ||
Cisco RV016 Multi-WAN VPN | ||
Cisco RV042G Firmware | ||
Cisco RV042 Dual WAN VPN Router | ||
Cisco RV042G | ||
Cisco RV042G Firmware | ||
Cisco RV082 Firmware | ||
Linksys RV082 | ||
All of | ||
All of | ||
All of | ||
All of | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this Cisco Small Business RV042 Series Routers vulnerability is CVE-2023-20025.
The severity of CVE-2023-20025 is critical with a score of 9.8.
CVE-2023-20025 does not affect Cisco Rv016 Firmware.
CVE-2023-20025 affects Cisco Rv042 Firmware.
Yes, Cisco has provided a fix for CVE-2023-20025. Please refer to the Cisco Security Advisory for more information.