Fix Multiple Critical Vulnerabilities In Cisco RV Series Routers

The networking equipment maker Cisco rolled out patches for multiple critical vulnerabilities in Cisco RV series routers. Cisco marked 15 vulnerabilities in its advisory, of which three carried the highest CVSS score of 10.0. Advisory also says that the successful exploitation of the vulnerabilities could lead to attacks like arbitrary code execution, privilege escalation, bypass authentication and authorization protections, and Denial of Service (DoS). It is very important to know more about the vulnerabilities for a user who uses Cisco’s RV series of routers in their network. Let’s see the list of vulnerabilities and their impact, along with how to fix those critical vulnerabilities in the affected Cisco RV series of routers.

List Of Routers Affected By The Vulnerabilities:

Here are the list of routers vulnerable to flaws.

RV160 and RV260 Series Routers v1.0.01.05 and earlier are affected by these vulnerabilities. RV340 and RV345 Series Routers c1.0.03.24 are affected by these vulnerabilities.

List Of Vulnerabilities In Cisco RV Series Routers: 

Here is the list of vulnerabilities published in the security advisory.

1. CVE-2022-20699: This vulnerability allows remote attackers to perform an unauthenticated arbitrary code execution affected devices. The flaw is due to improper boundary checks when processing specific HTTP requests, so it can be exploited by crafting a malicious HTTP request. Cisco routers RV340, RV340W, RV345, and RV345P are affected by this vulnerability.
2. CVE-2022-20700, CVE-2022-20701, CVE-2022-20702: This flaw allows remote attackers to elevate privileges to root. This vulnerability is due to insufficient authorization enforcement mechanisms. An attacker could exploit this vulnerability by submitting specific commands. All the
3. CVE-2022-20703: This flaw allows attackers to install and load malicious software images on the affected devices. This is due to improper verification of software images.
4. CVE-2022-20704:  Due to improper validation of the SSL server certificate, attackers can view and modify the information shared between affected devices. This vulnerability gives an opportunity for attackers to carry out the man-in-the-middle attack and intercept the traffic.
5. CVE-2022-20705: Vulnerability in the session management of the web UI permits an unauthenticated, remote attacker to access web UI by bypassing authentication protections.
6. CVE-2022-20706: The vulnerability is due to insufficient validation of user-supplied input in the router operating system’s Open Plug and Play (PnP) module. This allows a remote attacker to inject and execute arbitrary commands on the affected system. Attackers can exploit the flaws by sending malicious input to an affected device.
7. CVE-2022-20707, CVE-2022-20708, CVE-2022-20749: The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface of the affected routers. This allows a remote attacker to inject and execute arbitrary commands on the affected system. Attackers can exploit the flaws by sending malicious input to an affected device. Cisco routers RV340, RV340W, RV345, and RV345P are affected by this vulnerability.
8. CVE-2022-20709: This vulnerability allows an attacker to upload arbitrary files due to insufficient authorization enforcement in the web-based management interface. The attacker can exploit this vulnerability by sending a crafted HTTP request. Cisco routers RV340, RV340W, RV345, and RV345P are affected by this vulnerability.
9. CVE-2022-20710: Erroneously handled exceptions during failed login attempts to prevent legitimate logins. This causes a denial of service in login functionality in the web-based management interface. This vulnerability can be exploited by submitting a crafted HTTP packet.
10. CVE-2022-20711: insufficient input validation of the web UI components allows attackers to overwrite certain files. Attackers can exploit the flaws by sending crafted HTTP requests to the vulnerable device. Cisco routers RV340, RV340W, RV345, and RV345P are affected by this vulnerability.
11. CVE-2022-20712: This flaw allows remote attackers to execute arbitrary code. It happens when there are insufficient boundary checks in processing specific HTTP requests. Attackers can exploit the flaws by sending crafted HTTP requests to the vulnerable device.

Fix Vulnerabilities In Cisco RV Series Routers:

Vulnerabilities in RV160 and RV260 series routers are fixed in release no. TBD (Feb 2022) and RV340 and RV345 series routers are fixed in 1.0.03.26.

Since there is no workaround to fix these vulnerabilities, it is required to upgrade the firmware version of the router. Please visit the security advisories or contact Cisco TAC service for more details.

We hope this post will help you know about the Multiple Critical Vulnerabilities in Cisco RV Series Routers. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page in Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this. 

• How To Fix CVE-2021-45608- A RCE Vulnerability In NetUSB Affect Millions Of Routers?
• How to Fix CVE-2021-0146- A High Severity Privilege Escalation Vulnerability In Intel Chips?
• What Is A Privilege Escalation Attack? How To Prevent Privilege Escalation Attacks?
• Step By Step Procedure To Set Up Open VPN On Raspberry Pi:
• What Is Arbitrary Code Execution? How To Prevent Arbitrary Code Execution?