losaneuro.blogg.se - Backdoor vulnerability of cisco small business routers

An attacker that sends malicious HTTP requests could execute code with root privileges.

CVE-2022-20699 This one's the remote code execution flaw and exists thanks to insufficient boundary checks when processing specific HTTP requests.

If that's not enough to worry about, the boxes can also be made to create DDoS attacks. Being made to fetch and run unsigned software.Authentication and authorization protection bypasses.The flaws impact the RV160, RV260, RV340 and RV345 products, all of which can be abused with: And it only has patches available for two of the affected ranges.

Cisco has revealed five critical bugs, three of them rated 10/10 on the Common Vulnerability Scoring System, that impact four of its router families aimed at small businesses.