CVE-2023-20124: Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability
First published: Wed Apr 05 2023(Updated: )
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Rv016 Firmware | ||
| Cisco Rv016 | ||
| Cisco Rv042 Firmware | ||
| Cisco Rv042 | ||
| Cisco Rv042g Firmware | ||
| Cisco Rv042g | ||
| Cisco Rv082 Firmware | ||
| Cisco Rv082 | ||
| Cisco Rv320 Firmware | ||
| Cisco RV320 | ||
| Cisco Rv325 Firmware | ||
| Cisco RV325 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-20124.
What is the severity of CVE-2023-20124?
The severity of CVE-2023-20124 is high, with a CVSS score of 7.2.
Which Cisco products are affected by CVE-2023-20124?
The Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers are affected by CVE-2023-20124.
How can an attacker exploit CVE-2023-20124?
An authenticated, remote attacker can exploit CVE-2023-20124 by executing arbitrary commands on the affected device.
Where can I find more information about CVE-2023-20124?
You can find more information about CVE-2023-20124 [here](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/cisco
- canonical/cisco rv016 firmware
- canonical/cisco rv016
- canonical/cisco rv042 firmware
- canonical/cisco rv042
- canonical/cisco rv042g firmware
- canonical/cisco rv042g
- canonical/cisco rv082 firmware
- canonical/cisco rv082
- canonical/cisco rv320 firmware
- canonical/cisco rv320
- canonical/cisco rv325 firmware
- canonical/cisco rv325