Description

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.

INFO

Published Date :

2024-10-02T16:54:58.682Z

Last Modified :

2024-10-02T19:18:33.143Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2024-20470 vulnerability.

Vendors Products
Cisco
  • Rv340 Dual Wan Gigabit Vpn Router
  • Rv340 Dual Wan Gigabit Vpn Router Firmware
  • Rv340w Dual Wan Gigabit Wireless-ac Vpn Router
  • Rv340w Dual Wan Gigabit Wireless-ac Vpn Router Firmware
  • Rv345 Dual Wan Gigabit Vpn Router
  • Rv345 Dual Wan Gigabit Vpn Router Firmware
  • Rv345p Dual Wan Gigabit Poe Vpn Router
  • Rv345p Dual Wan Gigabit Poe Vpn Router Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20470.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact