1. Home
  2. CVE Database
  3. CVE-2023-20141
MEDIUM · 6.1

CVE-2023-20141

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct ...

Vulnerability Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
CiscoRv016 FirmwareAll versions
CiscoRv016-
CiscoRv042 FirmwareAll versions
CiscoRv042-
CiscoRv042G FirmwareAll versions
CiscoRv042G-
CiscoRv082 FirmwareAll versions
CiscoRv082-
CiscoRv320 FirmwareAll versions
CiscoRv320-
CiscoRv325 FirmwareAll versions
CiscoRv325-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2023-20141?

CVE-2023-20141 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct ...

How severe is CVE-2023-20141?

CVE-2023-20141 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20141?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv016 Firmware, Cisco Rv016, Cisco Rv042 Firmware, Cisco Rv042, Cisco Rv042G Firmware.