Guest

Preview Tool

Cisco Bug: CSCvu40103 - Cisco RV340 OS command Injection in upload.cgi

Last Modified

Sep 02, 2020

Products (1)

  • Cisco Small Business RV Series Routers

Known Affected Releases

1.0.3.17

Description (partial)

Symptom:
A vulnerability in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.

The vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to run arbitrary commands on the underlying OS.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv

Conditions:
At the time of publication, these vulnerabilities affected the following Cisco Small Business Routers if they were running a firmware release earlier than Release 1.0.03.19:
At the time of publication, Cisco Small Business RV340 Series Routers firmware releases 1.0.03.19 and later contained the fix for these vulnerabilities.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.