CVE-2022-20707

Summary

CVE	CVE-2022-20707
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-10 18:15:00 UTC
Updated	2023-11-07 03:42:00 UTC
Description	Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Rv340	-	All	All	All
Hardware	Cisco	Rv340w	-	All	All	All
Operating System	Cisco	Rv340w Firmware	All	All	All	All
Operating System	Cisco	Rv340 Firmware	All	All	All	All
Hardware	Cisco	Rv345	-	All	All	All
Hardware	Cisco	Rv345p	-	All	All	All
Operating System	Cisco	Rv345p Firmware	All	All	All	All
Operating System	Cisco	Rv345 Firmware	All	All	All	All

References

Reference	Source	Link	Tags
ZDI-22-409 \| Zero Day Initiative	MISC	www.zerodayinitiative.com
ZDI-22-411 \| Zero Day Initiative	MISC	www.zerodayinitiative.com
20220203 Cisco Small Business RV Series Routers Vulnerabilities	CISCO	tools.cisco.com
Cisco RV Series Authentication Bypass / Command Injection ≈ Packet Storm	MISC	packetstormsecurity.com
ZDI-22-419 \| Zero Day Initiative	MISC	www.zerodayinitiative.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

730347 Cisco Small Business RV (340|345) Series Routers Vulnerabilities (cisco-sa-smb-mult-vuln-KA9PK6D)