CVE-2022-20705

CRITICAL EXPLOITED

Cisco RV Series Routers - Auth Bypass and Command Injection

Title source: manual

Exploitation Summary

CVE-2022-20705 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Biem Pham, Neterum, jbaines-r7, including a Metasploit module exploits/linux/http/cisco_rv340_lan.

AI-analyzed exploit summary This Metasploit module exploits CVE-2022-20705 (authentication bypass) and CVE-2022-20707 (command injection) in Cisco RV Series routers. It leverages a session ID directory traversal to bypass authentication and injects commands via a malformed multipart form upload.

Description

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Biem Pham, Neterum, jbaines-r7 · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_rv340_lan.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2022-20705 (authentication bypass) and CVE-2022-20707 (command injection) in Cisco RV Series routers. It leverages a session ID directory traversal to bypass authentication and injects commands via a malformed multipart form upload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cisco RV160, RV260, RV340, RV345 (firmware versions 1.0.03.24 and below)

No auth needed

Prerequisites: Network access to the target device · SSL/TLS enabled on port 443

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory vendor-advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D

Third Party Advisory, VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-22-409/

Third Party Advisory, VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-22-410/

Third Party Advisory, VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-22-415/

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html

Scores

CVSS v3 10.0

EPSS 0.8003

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-09-03

CWE

CWE-121 CWE-787

Status published

Products (9)

cisco/rv160_firmware < 1.0.01.05

cisco/rv160w_firmware < 1.0.01.05

cisco/rv260_firmware < 1.0.01.05

cisco/rv260p_firmware < 1.0.01.05

cisco/rv260w_firmware < 1.0.01.05

cisco/rv340_firmware < 1.0.03.24

cisco/rv340w_firmware < 1.0.03.24

cisco/rv345_firmware < 1.0.03.24

cisco/rv345p_firmware < 1.0.03.24

Published Feb 10, 2022

Tracked Since Feb 18, 2026