CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2022-20704 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20704
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D https://www.zerodayinitiative.com/advisories/ZDI-22-413 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 10%CPEs: 18EXPL: 1CVE-2022-20705 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20705
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. • http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D https://www.zerodayinitiative.com/advisories/ZDI-22-409 https://www.zerodayinitiative.com/advisories/ZDI-22-410 https://www.zerodayinitiative.com/advisories/ZDI-22-415 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/cisco_rv340_lan.rb • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 18EXPL: 0CVE-2022-20706 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20706
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D https://www.zerodayinitiative.com/advisories/ZDI-22-418 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1602 – Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1602
A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 96%CPEs: 18EXPL: 1CVE-2021-1472 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1472
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Se presentan múltiples vulnerabilidades en la interfaz de administración basada en web de los enrutadores Cisco Small Business RV Series. Un atacante remoto podría ejecutar comandos arbitrarios u omitir la autenticación y cargar archivos en un dispositivo afectado. • http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html http://seclists.org/fulldisclosure/2021/Apr/39 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •