CVE-2024-20362

Summary

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Small Business RV Series Router Firmware1.1.0.09affected
CiscoCisco Small Business RV Series Router Firmware1.1.1.19affected
CiscoCisco Small Business RV Series Router Firmware1.1.1.06affected
CiscoCisco Small Business RV Series Router Firmware1.2.1.14affected
CiscoCisco Small Business RV Series Router Firmware2.0.0.19-tmaffected
CiscoCisco Small Business RV Series Router Firmware1.3.1.12affected
CiscoCisco Small Business RV Series Router Firmware1.3.1.10affected
CiscoCisco Small Business RV Series Router Firmware1.3.12.6-tmaffected
CiscoCisco Small Business RV Series Router Firmware1.3.13.02-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.0.0.7affected
CiscoCisco Small Business RV Series Router Firmware4.0.2.08-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.0.3.03-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.0.4.02-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.2.2.08affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.03affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.06affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.07affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.09affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.10affected
CiscoCisco Small Business RV Series Router Firmware4.2.3.14affected
CiscoCisco Small Business RV Series Router Firmware1.4.2.15affected
CiscoCisco Small Business RV Series Router Firmware1.4.2.17affected
CiscoCisco Small Business RV Series Router Firmware1.4.2.19affected
CiscoCisco Small Business RV Series Router Firmware1.4.2.22affected
CiscoCisco Small Business RV Series Router Firmware3.0.0.1-tmaffected
CiscoCisco Small Business RV Series Router Firmware4.1.1.01affected
CiscoCisco Small Business RV Series Router Firmware1.5.1.05affected

Weaknesses

  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References