CVE-2023-20073

MEDIUM · EXPLOITED · NUCLEI

Cisco RV340, RV340W, RV345, and RV345P Firmware < 1.0.03.29 - Unauthenticated Arbitrary File Upload

Title source: llm

Exploitation Summary

CVE-2023-20073 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including RegularITCat. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits CVE-2023-20073, a file upload vulnerability in Cisco Small Business RV340, RV340W, RV345, and RV345P routers. It uploads a malicious HTML file to the target device, demonstrating an arbitrary file write vulnerability.

Description

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

Exploits (1)

nomisec · WORKING POC · 1 star
by RegularITCat · remote
https://github.com/RegularITCat/CVE-2023-20073

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Cisco Small Business RV340, RV340W, RV345, RV345P routers
Auth required
Prerequisites: Network access to the target device · Valid authentication credentials
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Cisco VPN Routers - Unauthenticated Arbitrary File Upload
CRITICAL · VERIFIED · by princechaddha, ritikchaddha
FOFA: app="CISCO-RV340" || app="CISCO-RV340W" || app="CISCO-RV345" || app="CISCO-RV345P" || app="cisco-rv340" || app="cisco-rv340w" || app="cisco-rv345" || app="cisco-rv345p"

Scores

CVSS v3: 5.3
EPSS: 0.8887
EPSS Percentile: 99.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

VulnCheck KEV: 2023-11-15
CWE: CWE-434
Status: published
Products (4)
cisco/rv340_firmware < 1.0.03.29
cisco/rv340w_firmware < 1.0.03.29
cisco/rv345_firmware < 1.0.03.29
cisco/rv345p_firmware < 1.0.03.29
Published: Apr 05, 2023
Tracked Since: Feb 18, 2026