Lucene search
Bien Pham (@bienpnn) from Team Orca of Sea Security (security.sea.com)ZDI-22-408HistoryFeb 22, 2022 - 12:00 a.m.
(Pwn2Own) Cisco RV340 Firmware Update Missing Integrity Check Remote Code Execution Vulnerability
2022-02-2200:00:00
Bien Pham (@bienpnn) from Team Orca of Sea Security (security.sea.com)
www.zerodayinitiative.com
56
0.01 Low
EPSS
Percentile
84.0%
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of a firmware image when performing an upgrade. An attacker can leverage this vulnerability to execute code in the context of root.
Related
attackerkb
attackerkb
CVE-2022-20703
2022-02-03 00:00:00
nvd
nvd
CVE-2022-20703
2022-02-10 18:15:09
cvelist
cvelist
CVE-2022-20703 Cisco Small Business RV Series Routers Vulnerabilities
2022-02-03 00:00:00
cisa_kev
cisa_kev
prion
prion
Authentication flaw
2022-02-10 18:15:00
cve
cve
CVE-2022-20703
2022-02-10 18:15:09
zdi
zdi
thn
thn
CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog
2022-03-05 07:32:00
Critical Flaws Discovered in Cisco Small Business RV Series Routers
2022-02-03 14:05:00
nessus
nessus
threatpost
threatpost
Critical Cisco Bugs Open VPN Routers to Cyberattacks
2022-02-03 20:15:54
cisco
cisco
Cisco Small Business RV Series Routers Vulnerabilities
2022-02-02 16:00:00