Authenticated Remote Code Execution in Cisco RV Router Web UI
CVE-2023-20250 Published on September 6, 2023
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.
Vulnerability Analysis
CVE-2023-20250 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2023-20250 has been classified to as a Stack Overflow vulnerability or weakness.
Products Associated with CVE-2023-20250
Want to know whenever a new CVE is published for Cisco Small Business Rv Series Router Firmware? stack.watch will email you.
Affected Versions
Cisco Small Business RV Series Router Firmware:- Version 1.0.0.30 is affected.
- Version 1.0.0.2 is affected.
- Version 1.0.0.21 is affected.
- Version 1.0.1.1 is affected.
- Version 1.0.1.3 is affected.
- Version 1.0.1.6 is affected.
- Version 1.0.1.99 is affected.
- Version 1.0.2.7 is affected.
- Version 1.0.2.99 is affected.
- Version 1.0.3.14 is affected.
- Version 1.0.3.16 is affected.
- Version 1.0.3.22 is affected.
- Version 1.0.3.28 is affected.
- Version 1.0.3.44 is affected.
- Version 1.0.3.45 is affected.
- Version 1.0.3.51 is affected.
- Version 1.0.3.52 is affected.
- Version 1.0.3.54 is affected.
- Version 1.0.3.55 is affected.
- Version 1.1.0.5 is affected.
- Version 1.1.0.6 is affected.
- Version 1.1.0.9 is affected.
- Version 1.2.0.10 is affected.
- Version 1.2.0.14 is affected.
- Version 1.2.0.15 is affected.
- Version 1.2.0.8 is affected.
- Version 1.2.0.9 is affected.
- Version 1.2.0.99 is affected.
- Version 1.2.1.4 is affected.
- Version 1.2.1.7 is affected.
- Version 1.2.2.1 is affected.
- Version 1.2.2.4 is affected.
- Version 1.2.2.5 is affected.
- Version 1.2.2.8 is affected.
- Version 1.3.0.4 is affected.
- Version 1.3.0.7 is affected.
- Version 1.3.0.8 is affected.
- Version 1.3.0.99 is affected.
- Version 1.3.1.1 is affected.
- Version 1.3.1.4 is affected.
- Version 1.3.1.5 is affected.
- Version 1.3.1.7 is affected.
- Version 1.0.0.2, <= 1.0.3.55 is affected.
- Version 1.1.0.5, <= 1.1.0.9 is affected.
- Version 1.2.0.8, <= 1.2.2.8 is affected.
- Version 1.3.0.4, <= 1.3.1.7 is affected.
- Version 1.0.0.2, <= 1.0.3.55 is affected.
- Version 1.1.0.5, <= 1.1.0.9 is affected.
- Version 1.2.0.8, <= 1.2.2.8 is affected.
- Version 1.3.0.4, <= 1.3.1.7 is affected.
- Version 1.0.0.2, <= 1.0.3.55 is affected.
- Version 1.1.0.5, <= 1.1.0.9 is affected.
- Version 1.2.0.8, <= 1.2.2.8 is affected.
- Version 1.3.0.4, <= 1.3.1.7 is affected.
- Version 1.0.0.2, <= 1.0.3.55 is affected.
- Version 1.1.0.5, <= 1.1.0.9 is affected.
- Version 1.2.0.8, <= 1.2.2.8 is affected.
- Version 1.3.0.4, <= 1.3.1.7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.