Select Page

Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit.

The issues are rooted in the router’s web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious commands on the underlying operating system.

The most severe of the two is CVE-2023-20025 (CVSS score: 9.0), which is the result of improper validation of user input within incoming HTTP packets.

A threat actor could exploit it remotely by sending a specially crafted HTTP request to vulnerable routers’ web-based management interface to bypass authentication and obtain elevated permissions.

images from Hacker News