CVE-2023-20025

Summary

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Small Business RV Series Router Firmware2.0.0.19-tmaffected
CiscoCisco Small Business RV Series Router Firmware2.0.2.01-tmaffected
CiscoCisco Small Business RV Series Router Firmware1.3.12.19-tmaffected
CiscoCisco Small Business RV Series Router Firmware1.3.12.6-tmaffected
CiscoCisco Small Business RV Series Router Firmware1.3.13.02-tmaffected
CiscoCisco Small Business RV Series Router Firmware1.3.9.8-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.0.0.7affected
CiscoCisco Small Business RV Series Router Firmware4.0.2.08-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.0.3.03-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.0.4.02-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.2.1.02affected
CiscoCisco Small Business RV Series Router Firmware4.2.2.08affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.03affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.06affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.07affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.08affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.09affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.10affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.14affected
CiscoCisco Small Business RV Series Router Firmware3.0.0.1-tmaffected
CiscoCisco Small Business RV Series Router Firmware3.0.0.19-tmaffected
CiscoCisco Small Business RV Series Router Firmware3.0.2.01-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.1.1.01affected
CiscoCisco Small Business RV Series Router Firmware4.1.0.02-tmaffected

Weaknesses

  • CWE-293: Using Referer Field for Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References