CVE-2022-20707
CRITICAL
EXPLOITED IN THE WILD
Cisco RV Series Authentication Bypass and Command Injection
Title source: metasploit
Exploitation Summary
CVE-2022-20707 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory.
References (5)
Core References
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-409/
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-411/
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-419/
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/170988/Cisco-RV-Series-Authentication-Bypass-Command-Injection.html
Scores
CVSS v3
10.0
EPSS
0.8140
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2024-09-18
InTheWild.io
2024-09-18
CWE
CWE-121
CWE-787
Status
published
Products (4)
cisco/rv340_firmware
< 1.0.03.24
cisco/rv340w_firmware
< 1.0.03.24
cisco/rv345_firmware
< 1.0.03.24
cisco/rv345p_firmware
< 1.0.03.24
Published
Feb 10, 2022
Tracked Since
Feb 18, 2026