CVE-2023-20026: Input Validation
First published: Thu Jan 19 2023(Updated: )
A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Rv016 Firmware | ||
| Cisco Rv016 | ||
| Cisco Rv042 Firmware | ||
| Cisco Rv042 | ||
| Cisco Rv042g Firmware | ||
| Cisco Rv042g | ||
| Cisco Rv082 Firmware | ||
| Cisco Rv082 | ||
| All of | ||
| Cisco Rv016 Firmware | ||
| Cisco Rv016 | ||
| All of | ||
| Cisco Rv042 Firmware | ||
| Cisco Rv042 | ||
| All of | ||
| Cisco Rv042g Firmware | ||
| Cisco Rv042g | ||
| All of | ||
| Cisco Rv082 Firmware | ||
| Cisco Rv082 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Small Business Routers RV042 Series vulnerability?
The vulnerability ID for this Cisco Small Business Routers RV042 Series vulnerability is CVE-2023-20026.
What is the severity of CVE-2023-20026?
CVE-2023-20026 has a severity rating of 7.2, which is considered high.
What is the affected software for CVE-2023-20026?
The affected software for CVE-2023-20026 includes Cisco Rv016 Firmware, Cisco Rv042 Firmware, and Cisco Rv042g Firmware.
How does CVE-2023-20026 work?
CVE-2023-20026 allows an authenticated, remote attacker to inject arbitrary commands on an affected device by exploiting improper validation of user input fields within incoming HTTP packets.
Is there a fix available for CVE-2023-20026?
Yes, Cisco has provided a fix for CVE-2023-20026. It is recommended to apply the latest firmware update from Cisco to mitigate the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco rv016 firmware
- canonical/cisco rv016
- canonical/cisco rv042 firmware
- canonical/cisco rv042
- canonical/cisco rv042g firmware
- canonical/cisco rv042g
- canonical/cisco rv082 firmware
- canonical/cisco rv082