These vulnerabilities are due to weaknesses in processing code that is generated by the router. An attacker could exploit these vulnerabilities to execute code on the device or cause the device to crash, resulting in a denial of service. Cisco has released software updates that address these vulnerabilities for all affected Cisco Small Business RV Series Routers.

CVE-2018-0171: Heap-based memory corruption issue

Cisco Small Business RV Series Routers running software releases 1.0.0 to 1.0.10 could allow an unauthenticated attacker to cause a denial of service (DoS) condition by injecting malicious code into web server processes that are running on the device. The vulnerability exists because the code that is generated by the router does not limit the size of data that is processed. An attacker could exploit this vulnerability by sending a series of messages to a web server on the router. Cisco has released software updates that address this vulnerability for all affected Cisco Small Business RV Series Routers.

CVE-2018-0172: HTTPoxy vulnerability

Cisco Small Business RV Series Routers running software releases 1.0.0 to 1.0.10 could allow an unauthenticated attacker to cause a denial of service (DoS) condition by sending a series of requests with invalid HTTP headers to a web server running on the router. The vulnerability exists because the code that is generated by the router does not properly parse HTTP requests

Vulnerable Products and Addresses

These vulnerabilities affect Cisco Small Business RV Series Routers running the software releases listed below.

The following software releases are affected:

Cisco Small Business RV Series Routers running software releases 1.0.0 to 1.0.10

Cisco Small Business RV Series Network Security Devices

Cisco Small Business RV Series Network Security devices are vulnerable to three critical vulnerabilities that could allow an attacker to remotely execute code on the device or cause it to crash. Cisco has released software updates that address these vulnerabilities for all affected Cisco Small Business RV Series Routers.

Vulnerable Release(s)

Cisco Small Business RV Series Routers running software releases 1.0.0 to 1.0.10 are affected by these vulnerabilities.

Timeline

Published on: 08/10/2022 09:15:00 UTC
Last modified on: 08/12/2022 18:09:00 UTC
