DIVD-2023-00009 - Cisco RV Series Remote Command Execution
|Case lead||Max van der Horst|
|Product||Cisco RV340, RV340W, RV345 and RV345P|
|Recommendation||Upgrade the firmware of your RV Small Business Router to the latest version (larger than 1.0.03.28).|
|Last modified||20 Feb 2023 18:01|
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345 and RV345P could allow an authenticated, remote attacker to execute arbitrary code. The attacker does need valid administrator credentials.
What you can do
Update your Cisco Small Business Router to the latest firmware release (no earlier than 1.0.03.29).
What we are doing
DIVD is currently scanning for Small Business routers of the mentioned types that are vulnerable. Owners of vulnerable systems receive a notification with instructions to update their router.
|07 Feb 2023||DIVD starts researching the vulnerability|
|18 Feb 2023||First version of this casefile.|
gantt title DIVD-2023-00009 - Cisco RV Series Remote Command Execution dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2023-00009 - Cisco RV Series Remote Command Execution (still open) :2023-02-07, 2023-04-03 section Events DIVD starts researching the vulnerability : milestone, 2023-02-07, 0d First version of this casefile. : milestone, 2023-02-18, 0d