Lucene search
Bien Pham (@bienpnn) from Team Orca of Sea Security (security.sea.com)ZDI-22-411HistoryFeb 22, 2022 - 12:00 a.m.
(Pwn2Own) Cisco RV340 upload.cgi JSON Command Injection Privilege Escalation Vulnerability
2022-02-2200:00:00
Bien Pham (@bienpnn) from Team Orca of Sea Security (security.sea.com)
www.zerodayinitiative.com
22
EPSS
0.082
Percentile
94.4%
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of POST request parameters provided to the upload.cgi endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the www-data user.
Related
prion
prion
Authentication flaw
2022-02-10 18:15:00
cve
cve
CVE-2022-20707
2022-02-10 18:15:09
nvd
nvd
CVE-2022-20707
2022-02-10 18:15:09
cvelist
cvelist
CVE-2022-20707 Cisco Small Business RV Series Routers Vulnerabilities
2022-02-10 00:00:00
zdi
zdi
zdt
zdt
Cisco RV Series Authentication Bypass / Command Injection Exploit
2023-02-14 00:00:00
packetstorm
packetstorm
Cisco RV Series Authentication Bypass / Command Injection
2023-02-14 00:00:00
metasploit
metasploit
Cisco RV Series Authentication Bypass and Command Injection
2023-02-05 15:15:16
rapid7blog
rapid7blog
Metasploit Wrap-Up
2023-02-17 21:17:16
threatpost
threatpost
Critical Cisco Bugs Open VPN Routers to Cyberattacks
2022-02-03 20:15:54
thn
thn
Critical Flaws Discovered in Cisco Small Business RV Series Routers
2022-02-03 14:05:00
cisco
cisco
Cisco Small Business RV Series Routers Vulnerabilities
2022-02-02 16:00:00
nessus
nessus