CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3453 – Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3453
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Multiples vulnerabilidades en la interfaz de administración basada en web de Cisco Small Business RV340 Series Routers, podrían permitir a un atacante remoto autenticado con credenciales administrativas ejecutar comandos arbitrarios en el sistema operativo (SO) subyacente como un usuario restringido. Para más información sobre estas vulnerabilidades, consultar la sección Detalles de este aviso This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv https://www.zerodayinitiative.com/advisories/ZDI-20-1101 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3358 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3358
A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition. Una vulnerabilidad en la funcionalidad Secure Sockets Layer (SSL) VPN para Cisco Small Business RV VPN Routers, podría permitir a un atacante remoto no autenticado causar el reinicio inesperado del dispositivo, causando una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3357 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3357
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. Una vulnerabilidad en la funcionalidad Secure Sockets Layer (SSL) VPN de Cisco Small Business RV340, RV340W, RV345, y RV345P Dual WAN Gigabit VPN Routers, podría permitir a un atacante remoto no autenticado ejecutar código arbitrario en un dispositivo afectado o causar la recarga del dispositivo, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rce-dos-9ZAjkx4 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2017-6784
https://notcve.org/view.php?id=CVE-2017-6784
A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. • http://www.securityfocus.com/bid/100402 http://www.securitytracker.com/id/1039191 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •