Multiple vulnerabilities in Cisco Small Business RV042, RV042G, RV320 and RV325 Routers
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2024-20516 CVE-2024-20517 CVE-2024-20518 CVE-2024-20519 CVE-2024-20520 CVE-2024-20521 CVE-2024-20522 CVE-2024-20523 CVE-2024-20524 |
| CWE-ID | CWE-121 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco RV042 Dual WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco RV042G Dual Gigabit WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc RV320 Dual Gigabit WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc RV325 Dual Gigabit WAN VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU98007
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20516
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing HTTP packets. A remote administrator can send a specially crafted HTTP request, trigger stack-based buffer overflow and cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU98009
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20517
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing HTTP packets. A remote administrator can send a specially crafted HTTP request, trigger stack-based buffer overflow and cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU98013
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20518
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Heap-based buffer overflow
EUVDB-ID: #VU98014
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20519
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU98015
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20520
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU98016
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20521
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the web-based management interface. A remote administrator can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stack-based buffer overflow
EUVDB-ID: #VU98010
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20522
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing HTTP packets. A remote administrator can send a specially crafted HTTP request, trigger stack-based buffer overflow and cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Stack-based buffer overflow
EUVDB-ID: #VU98011
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20523
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing HTTP packets. A remote administrator can send a specially crafted HTTP request, trigger stack-based buffer overflow and cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Stack-based buffer overflow
EUVDB-ID: #VU98012
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20524
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing HTTP packets. A remote administrator can send a specially crafted HTTP request, trigger stack-based buffer overflow and cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco RV042 Dual WAN VPN Router: All versions
Cisco RV042G Dual Gigabit WAN VPN Router: All versions
RV320 Dual Gigabit WAN VPN Router: All versions
RV325 Dual Gigabit WAN VPN Router: All versions
CPE2.3- cpe:2.3:h:cisco_systems:cisco_rv042_dual_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_rv042g_dual_gigabit_wan_vpn_router:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:rv320_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
- cpe:2.3:h:cisco_systems:rv325_dual_gigabit_wan_vpn_router:*:*:*:*:*:small_business_rv_series_routers:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
