Lucene search
Q. Kaiser from IoT Inspector Research LabZDI-22-417HistoryFeb 22, 2022 - 12:00 a.m.
(Pwn2Own) Cisco RV340 update-clients Command Injection Remote Code Execution Vulnerability
2022-02-2200:00:00
Q. Kaiser from IoT Inspector Research Lab
www.zerodayinitiative.com
60
0.008 Low
EPSS
Percentile
81.4%
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the update-clients method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
Related
nvd
nvd
CVE-2022-20708
2022-02-10 18:15:09
cve
cve
CVE-2022-20708
2022-02-10 18:15:09
attackerkb
attackerkb
CVE-2022-20708
2022-02-03 00:00:00
cisa_kev
cisa_kev
cvelist
cvelist
CVE-2022-20708 Cisco Small Business RV Series Routers Vulnerabilities
2022-02-03 00:00:00
prion
prion
Authentication flaw
2022-02-10 18:15:00
thn
thn
CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog
2022-03-05 07:32:00
Critical Flaws Discovered in Cisco Small Business RV Series Routers
2022-02-03 14:05:00
threatpost
threatpost
Critical Cisco Bugs Open VPN Routers to Cyberattacks
2022-02-03 20:15:54
nessus
nessus
cisco
cisco
Cisco Small Business RV Series Routers Vulnerabilities
2022-02-02 16:00:00