Description

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system.

Related CPE's

o

cisco

rv016_firmware

-

Vulnerable

h

cisco

rv016

-

o

cisco

rv042_firmware

-

Vulnerable

h

cisco

rv042

-

o

cisco

rv042g_firmware

-

Vulnerable

h

cisco

rv042g

-

o

cisco

rv082_firmware

-

Vulnerable

h

cisco

rv082

-

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

MitigationVendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

MitigationVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-293

[email protected]

Primary
CWE-290

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-20T07:15:14.490

2 years ago

Last modified

2025-04-07T13:46:26.707

2 months ago