Vulnerability Description
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Rv340 Dual Wan Gigabit Vpn Router Firmware | 1.0.00.29 |
| Cisco | Rv340 Dual Wan Gigabit Vpn Router | - |
| Cisco | Rv340W Dual Wan Gigabit Wireless-Ac Vpn Router Firmware | 1.0.00.29 |
| Cisco | Rv340W Dual Wan Gigabit Wireless-Ac Vpn Router | - |
| Cisco | Rv345 Dual Wan Gigabit Vpn Router Firmware | 1.0.00.29 |
| Cisco | Rv345 Dual Wan Gigabit Vpn Router | - |
| Cisco | Rv345P Dual Wan Gigabit Poe Vpn Router Firmware | 1.0.00.29 |
| Cisco | Rv345P Dual Wan Gigabit Poe Vpn Router | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-20393?
CVE-2024-20393 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate pri...
How severe is CVE-2024-20393?
CVE-2024-20393 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-20393?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware, Cisco Rv340 Dual Wan Gigabit Vpn Router, Cisco Rv340W Dual Wan Gigabit Wireless-Ac Vpn Router Firmware, Cisco Rv340W Dual Wan Gigabit Wireless-Ac Vpn Router, Cisco Rv345 Dual Wan Gigabit Vpn Router Firmware.