Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple GitLab Vulnerabilities
August 21, 2022
Rewterz
Rewterz Threat Advisory – Multiple Cisco Small Business routers Vulnerabilities
August 21, 2022

Rewterz Threat Advisory – Multiple Cisco Small Business routers Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-20882 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20883 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20884 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20885 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20886 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20887 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20888 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20890 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20891 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20892 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20893 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20894 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20895 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20896 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20897 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20898 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

CVE-2022-20899 CVSS:4.7
Multiple Cisco Small Business routers could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by insufficient validation of user fields within incoming HTTP packets. By sending a specially-crafted request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart.

Impact

  • Command Execution

Indicators Of Compromise

CVE

  • CVE-2022-20882
  • CVE-2022-20883
  • CVE-2022-20884
  • CVE-2022-20885
  • CVE-2022-20886
  • CVE-2022-20887
  • CVE-2022-20888
  • CVE-2022-20890
  • CVE-2022-20891
  • CVE-2022-20892
  • CVE-2022-20893
  • CVE-2022-20894
  • CVE-2022-20895
  • CVE-2022-20896
  • CVE-2022-20897
  • CVE-2022-20898
  • CVE-2022-20899

Affected Vendors

  • Cisco

Affected Products

  • Cisco RV110W Wireless-N VPN Firewall
  • Cisco RV130W Wireless-N Multifunction VPN Router
  • Cisco RV215W Wireless-N VPN Router
  • Cisco RV130 VPN Router

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information. 
Cisco Security Advisory