CVE-2024-20470

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-146
View all →

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.

Related Vulnerabilities

CVE-2023-20117

HIGH
CVSS:7.2(High)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute ...

CWE-1462023

CVE-2023-20128

HIGH
CVSS:7.2(High)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute ...

CWE-1462023

CVE-2022-4055

HIGH
CVSS:7.4(High)

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An atta...

CWE-1462022

CVE-2023-20035

HIGH
CVSS:7.8(High)

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficien...

CWE-1462023

CVE-2024-20329

CRITICAL
CVSS:9.9(Critical)

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability ...

CWE-1462024

CVE-2023-20035

HIGH
CVSS:7.8(High)

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficien...

CWE-1462023