Skip to content

Affected Systems: Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers

Description:

Cisco has released an advisory detailing how multiple of its small business routers are vulnerable to multiple new vulnerabilities and must be updated as soon as possible.

These new vulnerabilities are CVE-2022-20842, CVE-2022-20827, and CVE-2022-20841.

CVE-2022-20842 allows for a remote attacker to execute code as the root user or force an affected device to restart, causing a denial-of-service (DoS) condition. CVE-2022-20827 can allow an attacker to preform command injection and execute commands on the operating system with root privileges. Lastly, CVE-2022-20841 also allows for command injection, however this can only be done once the attacker has an established foothold on a network device that is connected to the affected router, or has leveraged a man-in-the-middle position.

The products vulnerable to CVE-2022-20827 and CVE-2022-20841 are:

  • RV160 VPN Routers
  • RV160W Wireless-AC VPN Routers
  • RV260 VPN Routers
  • RV260P VPN Routers with PoE
  • RV260W Wireless-AC VPN Routers
  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit POE VPN Routers

The products vulnerable to CVE-2022-20842 are:

  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit POE VPN Routers

CVE-2022-20842 and CVE-2022-20827 both have a critical security impact rating, with CVSS base scores of 9.8 and 9.0 respectively.  CVE-2022-20841 has a security impact rating of high, alongside a CVSS base score of 8.3.

Preventions:

Cisco has released free software upgrades for all affected devices and recommends that any systems vulnerable to these exploits should be updated as soon as possible.

Cisco advises that customers with service contracts that entitle them to regular updates can access these security updates through their usual update channels. Customers that do not hold service contracts with CISCO can obtain updates for these vulnerabilities by contacting the Cisco TAC at https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Related Links: