Cisco.RV.Servics.CGI.upload.session.ID.Remote.Command.Injection
Description
This indicates an attempt to exploit a Command Injection vulnerability in Cisco RV Series Routers.
The vulnerability is due to insufficient sanitization of user-supplied input in the application. A remote attacker may be able to exploit it, via a crafted HTTP request, to execute arbitrary commands within the context of the application.
Affected Products
Cisco RV340 firmware version 1.0.03.24 and prior
Cisco RV340w firmware version 1.0.03.24 and prior
Cisco RV345 firmware version 1.0.03.24 and prior
Cisco RV345p firmware version 1.0.03.24 and prior
Cisco RV160 firmware version 1.0.01.05 and prior
Cisco RV160w firmware version 1.0.01.05 and prior
Cisco RV260 firmware version 1.0.01.05 and prior
Cisco RV260p firmware version 1.0.01.05 and prior
Cisco RV260w firmware version 1.0.01.05 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
Version Updates
Date | Version | Detail |
---|---|---|
2023-03-15 | 0.00344 | |