CVE-2022-20703
CRITICAL KEVCisco Rv340 Firmware < 1.0.03.24 - Improper Certificate Validation
Title source: ruleDescription
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
References (4)
Scores
CVSS v3
10.0
EPSS
0.0200
EPSS Percentile
83.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CISA KEV
2022-03-03
VulnCheck KEV
2022-03-03
InTheWild.io
2022-03-03
ENISA EUVD
EUVD-2022-25953
CWE
CWE-295
CWE-121
Status
published
Products (9)
cisco/rv160_firmware
< 1.0.01.05
cisco/rv160w_firmware
< 1.0.01.05
cisco/rv260_firmware
< 1.0.01.05
cisco/rv260p_firmware
< 1.0.01.05
cisco/rv260w_firmware
< 1.0.01.05
cisco/rv340_firmware
< 1.0.03.24
cisco/rv340w_firmware
< 1.0.03.24
cisco/rv345_firmware
< 1.0.03.24
cisco/rv345p_firmware
< 1.0.03.24
Published
Feb 10, 2022
KEV Added
Mar 03, 2022
Tracked Since
Feb 18, 2026