Table of Contents
August 5, 2022
|5m
How to Fix Cve-2022-20842, a Remote Code Execution Vulnerability in Cisco RV Series Routers
On 3rd August, the network appliances manufacturer giant Cisco published an advisory in which Cisco detailed about three new vulnerabilities in multiple small business RV series router modules. The vulnerabilities are tracked as CVE-2022-20842, CVE-2022-20827, and CVE-2022-20841. They have been rated as two critical, and one is high in severity with a CVSS score of 9.8, 9.0, and 8.3 out of 10. These flaws allow an unauthenticated, remote attacker to perform remote code execution, Denial of Service, Web Filter Database Update Command Injection, and d Play Command Injection attack on the affected versions of the Cisco small business RV series router modules. Since these vulnerabilities allow attackers to carry out a wide range of attacks, It is considered critical and should fix it as soon as possible. Let’s see how to fix CVE-2022-20842, a remote code execution vulnerability in Cisco RV series routers.
The Other Two Vulnerabilities Published in the Advisory Are:
There are three vulnerabilities Cisco published in its advisory. Two critical and one high in severity.
CVE-2022-20842 (9.8): Denial of Service and Remote Code Execution Vulnerabilities in Cisco RV Series Routers.
CVE-2022-20827 (9.0): Web Filter Database Update Command Injection Vulnerability in Cisco RV Series Routers.
CVE-2022-20841 (8.3): Open Plug and Play Command Injection Vulnerability in Cisco RV Series Routers.
Summary of Cve-2022-20842:
This is a Remote Code Execution vulnerability in Cisco RV series router models RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The advisory says that this vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. This could lead to executing arbitrary code as a root user or even cause the device to reload. The flaw could be exploited by sending crafted HTTP input to the affected device. This RCE flaw allows an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting a DoS on an affected device.
| Associated CVE ID | CVE-2022-20842 |
| Description | A Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers. |
| Associated ZDI ID | – |
| CVSS Score | 9.8 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (a) | High |
Summary of Cve-2022-20827:
This is a Web Filter Database Update Command Injection Vulnerability in Cisco RV series router models RV160, RV260, RV340, and RV345 Series Routers. The advisory says that this vulnerability is due to insufficient input validation in the web filter database of the vulnerable models. This could lead to executing commands as a root user. This Command Injection Vulnerability allows an unauthenticated, remote attacker to perform a command injection and execute commands on an affected device with root privilege.
| Associated CVE ID | CVE-2022-20827 |
| Description | A Web Filter Database Update Command Injection Vulnerability in Cisco Small Business RV Series Routers. |
| Associated ZDI ID | – |
| CVSS Score | 9.0 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (a) | High |
This Table Is Created in Evernote By the Author
Summary of Cve-2022-20841:
This is an Open Plug and Play Command Injection Vulnerability in Cisco RV series router models RV160, RV260, RV340, and RV345 Series Routers. The advisory says that this vulnerability is due to insufficient validation of user-supplied input. This could lead to executing an arbitrary command. The flaw could be exploited by sending malicious input to an affected device. This Open Plug and Play Command Injection Vulnerability allows an unauthenticated, remote attacker to inject and execute arbitrary commands on an affected device.
| Associated CVE ID | CVE-2022-20841 |
| Description | A Open Plug and Play Command Injection Vulnerability in Cisco Small Business RV Series Routers |
| Associated ZDI ID | – |
| CVSS Score | 8.3 High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (a) | High |
List of Cisco RV Series Router Models Affected by Cve-2022-20842(1) And Cve-2022-20827:
Cisco confirmed the products below are vulnerable to all the three flaws. Please see the version information in the table added in the next section.
This image is captured from Cisco
How to Fix Cve-2022-20842, a Remote Code Execution Vulnerability in Cisco RV Series Routers?
Cisco has released security patches to fix CVE-2022-20842, CVE-2022-20827, and CVE-2022-20841 vulnerabilities. Please refer to this table to see the vulnerable versions of Cisco RV series routers with recommended fixes. We recommend upgrading to an appropriate fixed software release, as shown in the below table.
This image is captured from Cisco
Follow these links to see the procedure to upgrade the firmware of RV series routers:
We hope this post would help you know how to fix CVE-2022-20842, a remote code execution vulnerability in Cisco RV series routers. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram and subscribe to receive updates like this.
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
