cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-26071,https://securityvulnerability.io/vulnerability/CVE-2020-26071,Cisco SD-WAN Software Vulnerability Discovered,"A vulnerability has been identified in the Command Line Interface (CLI) of Cisco SD-WAN Software, allowing an authenticated local attacker to create or overwrite arbitrary files on the device. This situation arises from inadequate input validation for certain commands within the software. By injecting crafted arguments into these commands, an attacker could potentially disrupt the normal operation of the device, resulting in a denial of service condition. Cisco has addressed this issue in subsequent software updates, and there are no known workarounds to mitigate the risk. Users are advised to apply the latest updates to protect their systems.",Cisco,"Cisco Catalyst Sd-wan Manager,Cisco Sd-wan Vcontainer,Cisco Sd-wan Vedge Cloud,Cisco Sd-wan Vedge Router",8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T16:05:35.221Z,0
CVE-2020-3431,https://securityvulnerability.io/vulnerability/CVE-2020-3431,Cross-Site Scripting Vulnerability in Cisco Small Business RV042 and RV042G VPN Routers,"A flaw in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and RV042G Dual Gigabit WAN VPN Routers allows remote attackers to perform cross-site scripting (XSS) attacks. This vulnerability arises from inadequate validation of user input in the management interface, enabling attackers to execute arbitrary script code. By tricking an interface user into clicking a specially crafted link, an attacker can gain access to sensitive browser information or manipulate the front-end interface. Cisco has issued software updates to mitigate this vulnerability, and no workarounds are available.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-18T16:02:42.393Z,0
CVE-2021-1461,https://securityvulnerability.io/vulnerability/CVE-2021-1461,Vulnerability in Image Signature Verification Feature Could Allow Attackers to Install Malware,"A vulnerability exists in the Image Signature Verification feature of Cisco SD-WAN Software, enabling an authenticated remote attacker with Administrator-level credentials to exploit this flaw. The root cause of the issue is the improper verification of digital signatures for software patch images. This manipulation allows an attacker to create an unsigned software patch that can bypass the necessary signature checks, leading to the potential installation of a malicious software patch image on the affected device. As a result, successful exploitation could permit unauthorized actions on the system unless addressed through the software updates provided by Cisco, as there are no viable workarounds for this security flaw.",Cisco,"Cisco Catalyst Sd-wan Manager,Cisco Sd-wan Vedge Router",4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T15:33:06.681Z,0
CVE-2022-20655,https://securityvulnerability.io/vulnerability/CVE-2022-20655,Command Injection Vulnerability in ConfD Could Allow Authenticated Attacker to Execute Arbitrary Commands with Root Privileges,"An issue within the command line interface (CLI) implementation in Cisco's ConfD can allow authenticated, local attackers to conduct command injection attacks. This vulnerability stems from insufficient validation of process arguments, enabling an attacker to inject malicious commands during execution. Successfully exploiting this vulnerability can lead to the execution of arbitrary commands on the underlying operating system with the same privileges as ConfD, often equivalent to root access, thereby posing severe risks to system security and integrity.",Cisco,"Cisco iOS Xr Software,Cisco Virtual Topology System (vts),Cisco Network Services Orchestrator,Cisco Enterprise Nfv Infrastructure Software,Cisco Catalyst Sd-wan,Cisco Catalyst Sd-wan Manager,Cisco iOS Xe Catalyst Sd-wan,Cisco Sd-wan Vedge Router,Cisco Ultra Gateway Platform,Cisco Carrier Packet Transport",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:56:42.927Z,0
CVE-2024-20524,https://securityvulnerability.io/vulnerability/CVE-2024-20524,Cisco Small Business Routers Vulnerable to Remote Reload Attack,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-02T16:57:45.406Z,0
CVE-2024-20523,https://securityvulnerability.io/vulnerability/CVE-2024-20523,Cisco Small Business Routers Vulnerable to Denial of Service Attack,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-02T16:57:35.516Z,0
CVE-2024-20522,https://securityvulnerability.io/vulnerability/CVE-2024-20522,Cisco Small Business Routers Vulnerable to Remote Reload Attack,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-02T16:57:27.083Z,0
CVE-2024-20521,https://securityvulnerability.io/vulnerability/CVE-2024-20521,Cisco Small Business Routers Vulnerability: Arbitrary Code Execution as Root User,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.",Cisco,Cisco Small Business Rv Series Router Firmware,6.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-10-02T16:56:42.263Z,0
CVE-2024-20520,https://securityvulnerability.io/vulnerability/CVE-2024-20520,Cisco Small Business Routers Vulnerability Could Allow Arbitrary Code Execution,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers allows an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. This issue arises from inadequate validation of user-supplied input, enabling an attacker with valid Administrator credentials to send specially crafted HTTP requests to the device. If successfully exploited, the attacker could execute code on the underlying operating system with elevated privileges, posing significant risks to network security.",Cisco,Cisco Small Business Rv Series Router Firmware,9.1,CRITICAL,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-10-02T16:56:33.815Z,0
CVE-2024-20519,https://securityvulnerability.io/vulnerability/CVE-2024-20519,Authenticated Arbitrary Code Execution Vulnerability in Cisco Routers,"A vulnerability exists in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers that could permit an authenticated, Administrator-level, remote attacker to execute arbitrary code with root privileges. The root cause of this vulnerability lies in the inadequate validation of user-supplied input to the web management interface. By sending specially crafted HTTP requests to the affected devices, an attacker could leverage this flaw to conduct malicious operations on the underlying operating system. It is essential for administrators of impacted Cisco routers to implement necessary security measures to mitigate potential risks.",Cisco,Cisco Small Business Rv Series Router Firmware,9.1,CRITICAL,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-10-02T16:56:21.994Z,0
CVE-2024-20518,https://securityvulnerability.io/vulnerability/CVE-2024-20518,Cisco Small Business Routers Vulnerable to Arbitrary Code Execution,"A vulnerability exists in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers, allowing an authenticated, Admin-level attacker to execute arbitrary code as the root user. The issue is caused by improper validation of user-supplied input, enabling potential exploitation through crafted HTTP requests directed at the management interface. Successful exploitation enables the attacker to run arbitrary code on the device’s operating system, posing a significant security risk.",Cisco,Cisco Small Business Rv Series Router Firmware,9.1,CRITICAL,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-10-02T16:56:12.546Z,0
CVE-2024-20517,https://securityvulnerability.io/vulnerability/CVE-2024-20517,"{""value"":""Cisco Small Business RV042 Web Interface Vulnerability Could Lead to DoS"",""description"":""Vulnerability in web-based management interface of Cisco Small Business routers could cause unexpected reload and denial of service.""}","A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-02T16:56:02.025Z,0
CVE-2024-20516,https://securityvulnerability.io/vulnerability/CVE-2024-20516,Cisco Small Business Routers Vulnerable to Reload Attack,"A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.",Cisco,Cisco Small Business Rv Series Router Firmware,6.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-10-02T16:55:52.185Z,0
CVE-2024-20470,https://securityvulnerability.io/vulnerability/CVE-2024-20470,Cisco Small Business Routers Vulnerable to Arbitrary Code Execution,"A vulnerability affects the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, allowing an authenticated remote attacker to execute arbitrary code on the device. The vulnerability arises from inadequate validation of user-supplied input within the management interface. To exploit this vulnerability, an attacker must possess valid administrative credentials and send specially crafted HTTP requests to the vulnerable device. If successful, the exploit could grant the attacker root-level access to the underlying operating system, leading to potential further compromises of the affected network.",Cisco,Cisco Small Business Rv Series Router Firmware,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-02T16:54:58.682Z,0
CVE-2024-20393,https://securityvulnerability.io/vulnerability/CVE-2024-20393,Cisco Small Business Routers Vulnerable to Elevated Privileges Exploit,"A vulnerability exists in the web-based management interface of Cisco Small Business RV340 series routers that could allow an authenticated remote attacker to elevate their privileges. This vulnerability arises from the inadvertent exposure of sensitive information within the interface. By crafting specific HTTP inputs directed at an affected device, an attacker could potentially exploit this weakness, enabling them to elevate their access from guest to administrator level. Users of these routers should remain vigilant and apply recommended security measures to mitigate against this threat.",Cisco,Cisco Small Business Rv Series Router Firmware,8.8,HIGH,0.0005000000237487257,false,,true,false,false,,,false,false,,2024-10-02T16:53:04.527Z,0
CVE-2024-20381,https://securityvulnerability.io/vulnerability/CVE-2024-20381,Cisco ConfD JSON-RPC API Vulnerability Could Allow Remote Authenticated Attacker to Modify Configuration,"A vulnerability exists in the JSON-RPC API feature of Cisco's Crosswork Network Services Orchestrator and ConfD, utilized by the management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers. This vulnerability arises from improper authorization checks, allowing an authenticated remote attacker to exploit the API by sending malicious requests. A successful attack may enable the attacker to modify the configurations of affected applications or devices, potentially leading to unauthorized changes such as creating new user accounts or elevating privileges within the system.",Cisco,"Cisco iOS Xr Software,Cisco Network Services Orchestrator,Cisco Small Business Rv Series Router Firmware",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-11T16:38:42.096Z,0
CVE-2024-20416,https://securityvulnerability.io/vulnerability/CVE-2024-20416,Cisco RV340/RV345 Vulnerability: Arbitrary Code Execution via HTTP Requests,"A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.",Cisco,Cisco Small Business Rv Series Router Firmware,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-17T16:29:02.884Z,0
CVE-2024-20362,https://securityvulnerability.io/vulnerability/CVE-2024-20362,Cisco Small Business Routers Vulnerable to Cross-Site Scripting Attacks,"A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-11-07T20:15:08.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2023-20250,https://securityvulnerability.io/vulnerability/CVE-2023-20250,Remote Code Execution in Cisco RV Series Routers,"A security flaw in the web-based management interface of the Cisco Small Business RV110W, RV130, RV130W, and RV215W routers enables an authenticated remote attacker to execute arbitrary code on the affected device. This vulnerability arises from inadequate validation of incoming requests to the management interface. By sending specifically crafted requests with valid Administrator credentials, an attacker could potentially gain root access and execute unauthorized code, compromising the device's integrity and security.",Cisco,Cisco Small Business Rv Series Router Firmware,6.5,MEDIUM,0.0012600000482052565,false,,false,false,true,2024-10-24T17:15:04.000Z,,false,false,,2023-09-06T17:15:00.000Z,0
CVE-2023-20118,https://securityvulnerability.io/vulnerability/CVE-2023-20118,Command Execution Vulnerability in Cisco Small Business Routers,"A vulnerability exists in the web-based management interface of several Cisco Small Business Routers that could allow an authenticated remote attacker to execute arbitrary commands. This flaw stems from improper validation of user input in HTTP packets. By sending a specially crafted HTTP request, an attacker with valid administrative credentials can potentially exploit this vulnerability to gain root-level access, compromising sensitive data and device functionality. Cisco will not release updates to rectify this issue, heightening the risk for users of these affected routers.",Cisco,Cisco Small Business Rv Series Router Firmware,6.5,MEDIUM,0.0006900000153109431,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-04-13T07:15:00.000Z,0
CVE-2023-20073,https://securityvulnerability.io/vulnerability/CVE-2023-20073,"Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability","A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",Cisco,Cisco Small Business Rv Series Router Firmware,5.3,MEDIUM,0.11886999756097794,false,,false,false,true,2023-08-18T02:42:50.000Z,true,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20117,https://securityvulnerability.io/vulnerability/CVE-2023-20117,Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities,"The web-based management interface of Cisco's Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contains multiple vulnerabilities that may allow authenticated remote attackers to inject and execute arbitrary commands on the device's underlying operating system. The root cause of these vulnerabilities lies in insufficient input validation, enabling attackers to send malicious inputs to the affected routers. Successful exploitation of these vulnerabilities requires valid Administrator credentials and can lead to executing commands with root privileges on the Linux operating system. Cisco has not yet provided software updates to mitigate these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,7.2,HIGH,0.0012799999676644802,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20150,https://securityvulnerability.io/vulnerability/CVE-2023-20150,"Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0010400000028312206,false,,false,false,true,2024-10-25T17:15:15.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20140,https://securityvulnerability.io/vulnerability/CVE-2023-20140,"Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0010400000028312206,false,,false,false,true,2024-10-25T17:15:15.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20139,https://securityvulnerability.io/vulnerability/CVE-2023-20139,"Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities","Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.",Cisco,Cisco Small Business Rv Series Router Firmware,6.1,MEDIUM,0.0010400000028312206,false,,false,false,true,2024-10-25T17:15:15.000Z,,false,false,,2023-04-05T00:00:00.000Z,0