1. Home
  2. CVE Database
  3. CVE-2024-20470
HIGH · 7.2

CVE-2024-20470

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arb...

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoRv340 Dual Wan Gigabit Vpn Router Firmware1.0.00.29
CiscoRv340 Dual Wan Gigabit Vpn Router-
CiscoRv340W Dual Wan Gigabit Wireless-Ac Vpn Router Firmware1.0.00.29
CiscoRv340W Dual Wan Gigabit Wireless-Ac Vpn Router-
CiscoRv345 Dual Wan Gigabit Vpn Router Firmware1.0.00.29
CiscoRv345 Dual Wan Gigabit Vpn Router-
CiscoRv345P Dual Wan Gigabit Poe Vpn Router Firmware1.0.00.29
CiscoRv345P Dual Wan Gigabit Poe Vpn Router-

Related Weaknesses (CWE)

CWE-146

References

FAQ

What is CVE-2024-20470?

CVE-2024-20470 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arb...

How severe is CVE-2024-20470?

CVE-2024-20470 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-20470?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware, Cisco Rv340 Dual Wan Gigabit Vpn Router, Cisco Rv340W Dual Wan Gigabit Wireless-Ac Vpn Router Firmware, Cisco Rv340W Dual Wan Gigabit Wireless-Ac Vpn Router, Cisco Rv345 Dual Wan Gigabit Vpn Router Firmware.