Page 6 of 31 results (0.003 seconds)

CVSS: 9.8EPSS: 96%CPEs: 18EXPL: 1

Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Se presentan múltiples vulnerabilidades en la interfaz de administración basada en web de los enrutadores Cisco Small Business RV Series. Un atacante remoto podría ejecutar comandos arbitrarios u omitir la autenticación y cargar archivos en un dispositivo afectado. • http://packetstormsecurity.com/files/162238/Cisco-RV-Authentication-Bypass-Code-Execution.html http://seclists.org/fulldisclosure/2021/Apr/39 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-560 • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-559 • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Múltiples vulnerabilidades en la interfaz de administración basada en web de Enrutadores Cisco RV340, RV340W, RV345 y RV345P Dual WAN Gigabit VPN, podrían permitir a un atacante remoto autenticado ejecutar código arbitrario con privilegios elevados equivalentes al proceso de servicio web en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b https://www.zerodayinitiative.com/advisories/ZDI-21-558 • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Multiples vulnerabilidades en la interfaz de administración basada en web de Cisco Small Business RV340 Series Routers, podrían permitir a un atacante remoto autenticado con credenciales administrativas ejecutar comandos arbitrarios en el Sistema Operativo (SO) subyacente como un usuario restringido. Para más información sobre estas vulnerabilidades, consultar la sección Detalles de este aviso This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv https://www.zerodayinitiative.com/advisories/ZDI-20-1100 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •