CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2022-20704 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20704
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D https://www.zerodayinitiative.com/advisories/ZDI-22-413 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 10%CPEs: 18EXPL: 1CVE-2022-20705 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20705
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. • http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D https://www.zerodayinitiative.com/advisories/ZDI-22-409 https://www.zerodayinitiative.com/advisories/ZDI-22-410 https://www.zerodayinitiative.com/advisories/ZDI-22-415 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/cisco_rv340_lan.rb • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 18EXPL: 0CVE-2022-20706 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20706
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los routers Cisco Small Business RV160, RV260, RV340 y RV345 Series podrían permitir a un atacante realizar cualquiera de las siguientes acciones Ejecutar código arbitrario. Elevar los privilegios. Ejecutar comandos arbitrarios. Omitir las protecciones de autenticación y autorización. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D https://www.zerodayinitiative.com/advisories/ZDI-22-418 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 96%CPEs: 18EXPL: 1CVE-2021-1472 – Cisco Small Business RV Series Routers Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1472
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Se presentan múltiples vulnerabilidades en la interfaz de administración basada en web de los enrutadores Cisco Small Business RV Series. Un atacante remoto podría ejecutar comandos arbitrarios u omitir la autenticación y cargar archivos en un dispositivo afectado. • http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html http://seclists.org/fulldisclosure/2021/Apr/39 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 44EXPL: 0CVE-2021-1309 – Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1309
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •