• Home
  • |
  • Blog
  • |
  • How to Fix Cve-2022-20842, a Remote Code Execution Vulnerability in Cisco RV Series Routers
How to Fix CVE-2022-20842, a Remote Code Execution Vulnerability in Cisco RV Series Routers

On 3rd August, the network appliances manufacturer giant Cisco published an advisory in which Cisco detailed about three new vulnerabilities in multiple small business RV series router modules. The vulnerabilities are tracked as CVE-2022-20842, CVE-2022-20827, and CVE-2022-20841. They have been rated as two critical, and one is high in severity with a CVSS score of 9.8, 9.0, and 8.3 out of 10. These flaws allow an unauthenticated, remote attacker to perform remote code execution, Denial of Service, Web Filter Database Update Command Injection, and d Play Command Injection attack on the affected versions of the Cisco small business RV series router modules. Since these vulnerabilities allow attackers to carry out a wide range of attacks, It is considered critical and should fix it as soon as possible. Let’s see how to fix CVE-2022-20842, a remote code execution vulnerability in Cisco RV series routers.

The Other Two Vulnerabilities Published in the Advisory Are:

There are three vulnerabilities Cisco published in its advisory. Two critical and one high in severity.

CVE-2022-20842 (9.8): Denial of Service and Remote Code Execution Vulnerabilities in Cisco RV Series Routers.

CVE-2022-20827 (9.0): Web Filter Database Update Command Injection Vulnerability in Cisco RV Series Routers.

CVE-2022-20841 (8.3): Open Plug and Play Command Injection Vulnerability in Cisco RV Series Routers.

Summary of Cve-2022-20842:

This is a Remote Code Execution vulnerability in Cisco RV series router models RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. The advisory says that this vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. This could lead to executing arbitrary code as a root user or even cause the device to reload. The flaw could be exploited by sending crafted HTTP input to the affected device. This RCE flaw allows an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting a DoS on an affected device.

Associated CVE IDCVE-2022-20842
DescriptionA Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers.
Associated ZDI ID
CVSS Score9.8 Critical
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PRLow
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
Availability (a)High

Summary of Cve-2022-20827:

This is a Web Filter Database Update Command Injection Vulnerability in Cisco RV series router models RV160, RV260, RV340, and RV345 Series Routers. The advisory says that this vulnerability is due to insufficient input validation in the web filter database of the vulnerable models. This could lead to executing commands as a root user. This Command Injection Vulnerability allows an unauthenticated, remote attacker to perform a command injection and execute commands on an affected device with root privilege.

Associated CVE IDCVE-2022-20827
DescriptionA Web Filter Database Update Command Injection Vulnerability in Cisco Small Business RV Series Routers.
Associated ZDI ID
CVSS Score9.0 Critical
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PRLow
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
Availability (a)High
This Table Is Created in Evernote By the Author

Summary of Cve-2022-20841:

This is an Open Plug and Play Command Injection Vulnerability in Cisco RV series router models RV160, RV260, RV340, and RV345 Series Routers. The advisory says that this vulnerability is due to insufficient validation of user-supplied input. This could lead to executing an arbitrary command. The flaw could be exploited by sending malicious input to an affected device. This Open Plug and Play Command Injection Vulnerability allows an unauthenticated, remote attacker to inject and execute arbitrary commands on an affected device.

Associated CVE IDCVE-2022-20841
DescriptionA Open Plug and Play Command Injection Vulnerability in Cisco Small Business RV Series Routers
Associated ZDI ID
CVSS Score8.3 High
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PRLow
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
Availability (a)High

List of Cisco RV Series Router Models Affected by Cve-2022-20842(1) And Cve-2022-20827:

Cisco confirmed the products below are vulnerable to all the three flaws. Please see the version information in the table added in the next section.

This image is captured from Cisco

How to Fix Cve-2022-20842, a Remote Code Execution Vulnerability in Cisco RV Series Routers?

Cisco has released security patches to fix CVE-2022-20842, CVE-2022-20827, and CVE-2022-20841 vulnerabilities. Please refer to this table to see the vulnerable versions of Cisco RV series routers with recommended fixes. We recommend upgrading to an appropriate fixed software release, as shown in the below table.

This image is captured from Cisco

Follow these links to see the procedure to upgrade the firmware of RV series routers:

RV160x and RV260x routers

RV34x Series Router

We hope this post will help you know how to fix CVE-2022-20842, a remote code execution vulnerability in Cisco RV series routers. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.