cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-3431,https://securityvulnerability.io/vulnerability/CVE-2020-3431,Cross-Site Scripting Vulnerability in Cisco Small Business RV042 and RV042G VPN Routers,"A flaw in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and RV042G Dual Gigabit WAN VPN Routers allows remote attackers to perform cross-site scripting (XSS) attacks. This vulnerability arises from inadequate validation of user input in the management interface, enabling attackers to execute arbitrary script code. By tricking an interface user into clicking a specially crafted link, an attacker can gain access to sensitive browser information or manipulate the front-end interface. Cisco has issued software updates to mitigate this vulnerability, and no workarounds are available.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-18T16:02:42.393Z,0
CVE-2024-20524,https://securityvulnerability.io/vulnerability/CVE-2024-20524,Cisco Small Business Routers Vulnerable to Remote Reload Attack,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-10-02T16:57:45.406Z,0
CVE-2024-20523,https://securityvulnerability.io/vulnerability/CVE-2024-20523,Cisco Small Business Routers Vulnerable to Denial of Service Attack,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-10-02T16:57:35.516Z,0
CVE-2024-20522,https://securityvulnerability.io/vulnerability/CVE-2024-20522,Cisco Small Business Routers Vulnerable to Remote Reload Attack,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-10-02T16:57:27.083Z,0
CVE-2024-20521,https://securityvulnerability.io/vulnerability/CVE-2024-20521,Cisco Small Business Routers Vulnerability: Arbitrary Code Execution as Root User,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.",Cisco,Cisco Small Business Rv Series Router Firmware,6.5,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2024-10-02T16:56:42.263Z,0
CVE-2024-20520,https://securityvulnerability.io/vulnerability/CVE-2024-20520,Cisco Small Business Routers Vulnerability Could Allow Arbitrary Code Execution,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers allows an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. This issue arises from inadequate validation of user-supplied input, enabling an attacker with valid Administrator credentials to send specially crafted HTTP requests to the device. If successfully exploited, the attacker could execute code on the underlying operating system with elevated privileges, posing significant risks to network security.",Cisco,Cisco Small Business Rv Series Router Firmware,9.1,CRITICAL,0.00046999999904073775,false,false,false,false,,false,false,2024-10-02T16:56:33.815Z,0
CVE-2024-20519,https://securityvulnerability.io/vulnerability/CVE-2024-20519,Authenticated Arbitrary Code Execution Vulnerability in Cisco Routers,"A vulnerability exists in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers that could permit an authenticated, Administrator-level, remote attacker to execute arbitrary code with root privileges. The root cause of this vulnerability lies in the inadequate validation of user-supplied input to the web management interface. By sending specially crafted HTTP requests to the affected devices, an attacker could leverage this flaw to conduct malicious operations on the underlying operating system. It is essential for administrators of impacted Cisco routers to implement necessary security measures to mitigate potential risks.",Cisco,Cisco Small Business Rv Series Router Firmware,9.1,CRITICAL,0.00046999999904073775,false,false,false,false,,false,false,2024-10-02T16:56:21.994Z,0
CVE-2024-20518,https://securityvulnerability.io/vulnerability/CVE-2024-20518,Cisco Small Business Routers Vulnerable to Arbitrary Code Execution,"A vulnerability exists in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers, allowing an authenticated, Admin-level attacker to execute arbitrary code as the root user. The issue is caused by improper validation of user-supplied input, enabling potential exploitation through crafted HTTP requests directed at the management interface. Successful exploitation enables the attacker to run arbitrary code on the device’s operating system, posing a significant security risk.",Cisco,Cisco Small Business Rv Series Router Firmware,9.1,CRITICAL,0.00046999999904073775,false,false,false,false,,false,false,2024-10-02T16:56:12.546Z,0
CVE-2024-20517,https://securityvulnerability.io/vulnerability/CVE-2024-20517,"{""value"":""Cisco Small Business RV042 Web Interface Vulnerability Could Lead to DoS"",""description"":""Vulnerability in web-based management interface of Cisco Small Business routers could cause unexpected reload and denial of service.""}","A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-10-02T16:56:02.025Z,0
CVE-2024-20516,https://securityvulnerability.io/vulnerability/CVE-2024-20516,Cisco Small Business Routers Vulnerable to Reload Attack,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-10-02T16:55:52.185Z,0
CVE-2024-20470,https://securityvulnerability.io/vulnerability/CVE-2024-20470,Cisco Small Business Routers Vulnerable to Arbitrary Code Execution,"A vulnerability affects the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, allowing an authenticated remote attacker to execute arbitrary code on the device. The vulnerability arises from inadequate validation of user-supplied input within the management interface. To exploit this vulnerability, an attacker must possess valid administrative credentials and send specially crafted HTTP requests to the vulnerable device. If successful, the exploit could grant the attacker root-level access to the underlying operating system, leading to potential further compromises of the affected network.",Cisco,Cisco Small Business Rv Series Router Firmware,7.2,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-10-02T16:54:58.682Z,0
CVE-2024-20393,https://securityvulnerability.io/vulnerability/CVE-2024-20393,Cisco Small Business Routers Vulnerable to Elevated Privileges Exploit,"A vulnerability exists in the web-based management interface of Cisco Small Business RV340 series routers that could allow an authenticated remote attacker to elevate their privileges. This vulnerability arises from the inadvertent exposure of sensitive information within the interface. By crafting specific HTTP inputs directed at an affected device, an attacker could potentially exploit this weakness, enabling them to elevate their access from guest to administrator level. Users of these routers should remain vigilant and apply recommended security measures to mitigate against this threat.",Cisco,Cisco Small Business Rv Series Router Firmware,8.8,HIGH,0.0005000000237487257,false,true,false,false,,false,false,2024-10-02T16:53:04.527Z,0
CVE-2024-20381,https://securityvulnerability.io/vulnerability/CVE-2024-20381,Cisco ConfD JSON-RPC API Vulnerability Could Allow Remote Authenticated Attacker to Modify Configuration,"A vulnerability exists in the JSON-RPC API feature of Cisco's Crosswork Network Services Orchestrator and ConfD, utilized by the management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers. This vulnerability arises from improper authorization checks, allowing an authenticated remote attacker to exploit the API by sending malicious requests. A successful attack may enable the attacker to modify the configurations of affected applications or devices, potentially leading to unauthorized changes such as creating new user accounts or elevating privileges within the system.",Cisco,"Cisco iOS Xr Software,Cisco Network Services Orchestrator,Cisco Small Business Rv Series Router Firmware",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-09-11T16:38:42.096Z,0
CVE-2024-20416,https://securityvulnerability.io/vulnerability/CVE-2024-20416,Cisco RV340/RV345 Vulnerability: Arbitrary Code Execution via HTTP Requests,"A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.",Cisco,Cisco Small Business Rv Series Router Firmware,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-17T16:29:02.884Z,0
CVE-2024-20362,https://securityvulnerability.io/vulnerability/CVE-2024-20362,Cisco Small Business Routers Vulnerable to Cross-Site Scripting Attacks,"A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-04-03T17:15:00.000Z,0
CVE-2023-20250,https://securityvulnerability.io/vulnerability/CVE-2023-20250,,"A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.",Cisco,Cisco Small Business Rv Series Router Firmware,6.5,MEDIUM,0.0012600000482052565,false,false,false,true,,false,false,2023-09-06T17:15:00.000Z,0
CVE-2023-20118,https://securityvulnerability.io/vulnerability/CVE-2023-20118,,"A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability.",Cisco,Cisco Small Business Rv Series Router Firmware,6.5,MEDIUM,0.0006900000153109431,false,false,false,true,,false,false,2023-04-13T07:15:00.000Z,0
CVE-2023-20139,https://securityvulnerability.io/vulnerability/CVE-2023-20139,"Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20150,https://securityvulnerability.io/vulnerability/CVE-2023-20150,"Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20148,https://securityvulnerability.io/vulnerability/CVE-2023-20148,"Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20117,https://securityvulnerability.io/vulnerability/CVE-2023-20117,Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities,"The web-based management interface of Cisco's Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contains multiple vulnerabilities that may allow authenticated remote attackers to inject and execute arbitrary commands on the device's underlying operating system. The root cause of these vulnerabilities lies in insufficient input validation, enabling attackers to send malicious inputs to the affected routers. Successful exploitation of these vulnerabilities requires valid Administrator credentials and can lead to executing commands with root privileges on the Linux operating system. Cisco has not yet provided software updates to mitigate these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,7.2,HIGH,0.0012799999676644802,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20147,https://securityvulnerability.io/vulnerability/CVE-2023-20147,"Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0008099999977275729,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20149,https://securityvulnerability.io/vulnerability/CVE-2023-20149,"Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0010400000028312206,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20146,https://securityvulnerability.io/vulnerability/CVE-2023-20146,"Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0008099999977275729,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0
CVE-2023-20144,https://securityvulnerability.io/vulnerability/CVE-2023-20144,"Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0008099999977275729,false,false,false,true,,false,false,2023-04-05T00:00:00.000Z,0