Advisory 81: Cisco Small Business Router Vulnerability CVE-2023-20118
Release Date: 3rd of March 2025
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organizations that utilize the above products. This alert is intended to be understood by technical users.
What is it?
Cisco Small Business RV Series Routers Command Injection Vulnerability: Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface.
What are the systems affected?
Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320 and RV325.
Versions affected:
- Affected at 1.0.1.17
- Affected at 1.0.2.03
- Affected at 1.1.0.09
- Affected at 1.1.1.19
- Affected at 1.1.1.06
- Affected at 1.2.1.13
- Affected at 1.2.1.14
- Affected at 1.3.1.12
- Affected at 1.3.2.02
- Affected at 1.3.1.10
- Affected at 1.4.2.15
- Affected at 1.4.2.17
- Affected at 1.4.2.19
- Affected at 1.4.2.20
- Affected at 1.4.2.22
- Affected at 1.5.1.05
- Affected at 1.5.1.11
- Affected at 1.5.1.13
What does this mean?
The vulnerable routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.
Mitigation process
CERTVU encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds. Apply mitigations per vendor instructions, follow applicable BOD 22-1 guidance for cloud services, or discontinue use of the affected product if mitigations are unavailable.
References
1. https://www.cve.org/CVERecord?id=CVE-2023-20118