Cisco Bug: CSCvu40103 - Cisco RV340 OS command Injection in upload.cgi
Sep 02, 2020
- Cisco Small Business RV Series Routers
Known Affected Releases
Symptom: A vulnerability in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to run arbitrary commands on the underlying OS. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv Conditions: At the time of publication, these vulnerabilities affected the following Cisco Small Business Routers if they were running a firmware release earlier than Release 1.0.03.19: At the time of publication, Cisco Small Business RV340 Series Routers firmware releases 1.0.03.19 and later contained the fix for these vulnerabilities.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases