Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-20393 CVE-2024-20470 |
CWE-ID | CWE-285 CWE-146 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cisco RV340 Dual WAN Gigabit VPN Router; Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router; Cisco RV345 Dual WAN Gigabit VPN Router; RV345P Dual WAN Gigabit PoE VPN Router |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU98034
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-20393
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to insufficient authorization controls in the web-based management interface. A remote user can send specially crafted HTTP input and elevate privileges from guest to admin.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Cisco RV340 Dual WAN Gigabit VPN Router: All versions
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router: All versions
Cisco RV345 Dual WAN Gigabit VPN Router: All versions
RV345P Dual WAN Gigabit PoE VPN Router: All versions
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98035
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-20470
CWE-ID:
CWE-146 - Improper Neutralization of Expression/Command Delimiters
Exploit availability: No
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. A remote administrator can send a specially crafted HTTP request and execute arbitrary code as the root user on the underlying operating system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Cisco RV340 Dual WAN Gigabit VPN Router: All versions
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router: All versions
Cisco RV345 Dual WAN Gigabit VPN Router: All versions
RV345P Dual WAN Gigabit PoE VPN Router: All versions
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.